Added SAN extension to the generated certs

While signing the certificate, a SAN extension for the CN is added using a temporary configuration file which in the end gets removed.
yogeshojha · Jun 20, 2024 · dd3c7a5 · dd3c7a5
1 parent 9b6ccb3
commit dd3c7a5
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/certs/entrypoint.sh b/certs/entrypoint.sh
@@ -19,16 +19,21 @@ cert() {
      -out ${FILENAME}.csr \
      -subj "/C=${COUNTRY_CODE}/ST=${STATE}/L=${CITY}/O=${COMPANY}/CN=${COMMON_NAME}"
 
+  # Creating SAN extension which is needed by modern browsers
+  echo "subjectAltName=DNS:${COMMON_NAME}" > client-ext.cnf
+
   # Create a new certificate using our own CA
   openssl x509 -req -sha256 -passin pass:${AUTHORITY_PASSWORD} -days 3650 \
     -in ${FILENAME}.csr -CA ca.crt -CAkey ca.key \
-    -out ${FILENAME}.crt
+    -out ${FILENAME}.crt \
+    -extfile client-ext.cnf
 
   # Rename files and remove useless ones
   mv ${FILENAME}.crt ${FILENAME}.pem
   cp ca.crt ${FILENAME}_chain.pem
   mv ${FILENAME}.key ${FILENAME}_rsa.key
   rm ${FILENAME}.csr
+  rm client-ext.cnf
 }
 
 # Create /certs folder if it does not exist