got wildcards and nonwildcards

2018-09-27 12:56:43 -06:00 · 2018-09-27 12:56:43 -06:00 · cada90b882
parent c7acff9076
commit cada90b882
1 changed files with 12 additions and 19 deletions
--- a/openssl.sh
+++ b/openssl.sh
@ -5,13 +5,14 @@ set -u

 options="${1:-}"
 prefix="${2:-}"
+host="${3:-localhost}"

 doserver=0
 doclient=0

 case "$options" in
   server ) doserver=1 ;;
-   client ) doclient=1 ; cacrt="${3}"; cakey="${4}" ;;
+   client ) doclient=1 ; cacrt="${4}"; cakey="${5}" ;;
   all ) doserver=1; doclient=1 ;;
   * ) echo "USAGE: $0 [all|server|client] file_prefix [server.crt server.key]"; exit 1 ;;
 esac
@ -24,14 +25,10 @@ if ((doserver)); then
   echo 1
   openssl genrsa -out $cakey 4096
   echo 2
-   echo '
-
-
-
-
-   localhost
-
-   ' | openssl req -nodes -new -x509 -days 365 -key $cakey -out $cacrt
+   openssl req -nodes -new -x509 -days 365 -key $cakey -out $cacrt \
+      -subj "/C=US/ST=UT/O=breel/CN=${host}" \
+       -reqexts SAN -extensions SAN -config <(cat /etc/ssl/openssl.cnf \
+      <(printf "\n[SAN]\nsubjectAltName=DNS:${host},DNS:*.${host}"))
 fi

 if ((doclient)); then
@ -41,19 +38,15 @@ if ((doclient)); then
   echo 3
   openssl genrsa -out $clientkey 4096
   echo 4
-   echo '
+   openssl req -nodes -new -key $clientkey -out $clientcsr \
+      -subj "/C=US/ST=UT/O=breel/CN=${host}" \
+       -reqexts SAN -extensions SAN -config <(cat /etc/ssl/openssl.cnf \
+      <(printf "\n[SAN]\nsubjectAltName=DNS:${host},DNS:*.${host}"))

-
-
-
-   localhost
-
-
-
-   ' | openssl req -nodes -new -key $clientkey -out $clientcsr
   # self-signed
   echo 5
-   openssl x509 -req -days 365 -in $clientcsr -CA $cacrt -CAkey $cakey -set_serial 01 -out $clientcrt
+   openssl x509 -req -days 365 -in $clientcsr -CA $cacrt -CAkey $cakey \
+      -set_serial 01 -out $clientcrt
 fi

 if ((doserver)); then