tweak SAN
parent
12b57f221e
commit
03a4a1a7ef
1 changed files with 7 additions and 0 deletions
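--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -257,9 +257,16 @@ in {
 path = [ pkgs.openssl ];
 script = ''
 SSL_DIR=/var/coldairnetworks-db/ssl
+NEEDS_REGEN=0
 if [ ! -f "$SSL_DIR/server.crt" ]; then
+NEEDS_REGEN=1
+elif ! openssl x509 -in "$SSL_DIR/server.crt" -text -noout 2>/dev/null | grep -q "db.coldairnetworks.com"; then
+NEEDS_REGEN=1
+fi
+if [ "$NEEDS_REGEN" = "1" ]; then
 openssl req -new -x509 -days 3650 -nodes \
 -subj "/CN=mainframe.philippeterson.com" \
+-addext "subjectAltName=DNS:mainframe.philippeterson.com,DNS:db.coldairnetworks.com" \
 -keyout "$SSL_DIR/server.key" \
 -out "$SSL_DIR/server.crt"
 chmod 600 "$SSL_DIR/server.key"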
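Review bot: The new `elif` test greps the entire `-text` dump for `db.coldairnetworks.com`, so it passes when that string appears anywhere in the certificate (subject, issuer, or a longer name that merely contains it), and the unescaped dots match any character. Limiting the check to the SAN extension with a fixed-string match is tighter, assuming the packaged OpenSSL supports `-ext` (1.1.1 or later): `elif ! openssl x509 -in "$SSL_DIR/server.crt" -noout -ext subjectAltName 2>/dev/null | grep -qF "DNS:db.coldairnetworks.com"; then`. Regeneration also replaces `server.key`, so any client that pins or explicitly trusts the old self-signed certificate will presumably stop validating; a comment above `NEEDS_REGEN=0` such as `# Regenerating rotates the key pair: redistribute server.crt to clients that trust it` would record that. The `if [ "$NEEDS_REGEN" = "1" ]` block closes outside the hunk, so whether anything after `chmod` depends on the old file-missing condition cannot be checked from here.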