tweak SAN

This commit is contained in:
Philip Peterson 2026-06-25 03:26:19 -07:00
parent 12b57f221e
commit 03a4a1a7ef


@ -257,9 +257,16 @@ in {
path = [ pkgs.openssl ]; path = [ pkgs.openssl ];
script = '' script = ''
SSL_DIR=/var/coldairnetworks-db/ssl SSL_DIR=/var/coldairnetworks-db/ssl
NEEDS_REGEN=0
if [ ! -f "$SSL_DIR/server.crt" ]; then if [ ! -f "$SSL_DIR/server.crt" ]; then
NEEDS_REGEN=1
elif ! openssl x509 -in "$SSL_DIR/server.crt" -text -noout 2>/dev/null | grep -q "db.coldairnetworks.com"; then
NEEDS_REGEN=1
fi
if [ "$NEEDS_REGEN" = "1" ]; then
openssl req -new -x509 -days 3650 -nodes \ openssl req -new -x509 -days 3650 -nodes \
-subj "/CN=mainframe.philippeterson.com" \ -subj "/CN=mainframe.philippeterson.com" \
-addext "subjectAltName=DNS:mainframe.philippeterson.com,DNS:db.coldairnetworks.com" \
-keyout "$SSL_DIR/server.key" \ -keyout "$SSL_DIR/server.key" \
-out "$SSL_DIR/server.crt" -out "$SSL_DIR/server.crt"
chmod 600 "$SSL_DIR/server.key" chmod 600 "$SSL_DIR/server.key"
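Review bot: The new `elif` check greps the entire `-text` dump with an unanchored regex, so it passes whenever `db.coldairnetworks.com` appears anywhere in the certificate (subject, issuer, or as a substring of a longer name), and the dots match any character. Restricting the match to the SAN extension as a fixed string would make the regeneration decision reflect what clients actually verify: `elif ! openssl x509 -in "$SSL_DIR/server.crt" -noout -ext subjectAltName 2>/dev/null | grep -qF "DNS:db.coldairnetworks.com"; then`. Regeneration also replaces `server.key` and the self-signed certificate, so any client that pinned or trusts the old certificate will need the new one; a short comment above `NEEDS_REGEN=0` saying so would help. The script body continues past the end of this hunk, so the closing `fi` and whatever follows the `chmod` are not visible here.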