xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 19:40:12 +00:00
Code Issues Projects Releases Wiki Activity

Add CA to self signed cert constraints

Browse Source 
Some applications require this be set for it to work
as an enrolled certificate.  Notably UEFI
requires this.
This commit is contained in:
Jarrod Johnson 2020-02-24 15:34:55 -05:00
parent d2de4ffa14
commit 114324f513
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
confluent_server/bin/confluentcertutil.py
View File

@ -44,7 +44,7 @@ def create_certificate():
tmpconfig = tempfile.mktemp()
shutil.copy2(sslcfg, tmpconfig)
with open(tmpconfig, 'a') as cfgfile:
cfgfile.write('\n[SAN]\nsubjectAltName={0}'.format(san))
cfgfile.write('\n[SAN]\nbasicConstraints = CA:true\nsubjectAltName={0}'.format(san))
subprocess.check_call(
'openssl req -new -x509 -key privkey.pem -days 7300 -out cert.pem '
'-subj /CN={0} -extensions SAN '