2
0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-08-13 15:00:15 +00:00

Set the FQDN in the xcatd certificate, use subjectAltNames

This commit is contained in:
XuWei
2016-03-01 03:39:41 -05:00
parent dee1c2a39e
commit 0d7a0dec61
2 changed files with 5 additions and 1 deletions

View File

@@ -225,6 +225,9 @@ authorityKeyIdentifier=keyid,issuer
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ san_env ]
subjectAltaName = ${ENV::SAN}
[ v3_ca ]

View File

@@ -23,6 +23,7 @@ fi
mkdir -p $XCATDIR/cert
cd $XCATDIR/cert
openssl genrsa -out server-key.pem 2048
export SAN=DNS:`hostname --long`,DNS:`hostname --short`
openssl req -config $XCATCADIR/openssl.cnf -new -key server-key.pem -out server-req.pem -extensions server -subj "/CN=$CNA"
cp server-req.pem $XCATDIR/ca/`hostname`.csr
cd -
@@ -33,7 +34,7 @@ cd $XCATDIR/ca
# - call cmds directly instead - seems safe
# make sign
openssl ca -startdate 600101010101Z -config openssl.cnf -in `hostname`.csr -out `hostname`.cert -extensions server
openssl ca -startdate 600101010101Z -config openssl.cnf -in `hostname`.csr -out `hostname`.cert -extensions server -extensions san_env
if [ -f `hostname`.cert ]; then
rm `hostname`.csr
fi