Certif avec CN via mkcert

1 year ago · 9f53cc86f5
1 changed files with 25 additions and 3 deletions
--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@ -148,11 +148,33 @@ EOF
       export CAROOT=/etc/letsencrypt/local/
       /root/mkcert/mkcert -install      # CA dans /etc/letsencrypt/local/
       cd "${CAROOT}"
-       /root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
+	  cat > "${CAROOT}/kaz.sns.cnf" <<EOF
+[ req ]
+prompt = no
+distinguished_name = dn
+req_extensions = req_ext
+
+[ dn ]
+CN = *.kaz.sns
+emailAddress = admin@kaz.sns
+O = KAZ
+OU = Dev
+L = Vannes
+ST = France
+C = FR
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.0 = *.kaz.sns
+EOF
+		openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout kaz.sns.key -out kaz.sns.csr -config kaz.sns.cnf
+        /root/mkcert/mkcert -csr "${CAROOT}/kaz.sns.csr" # cert et clé dans /etc/letsencrypt/local/

-     	 mkdir -p /etc/letsencrypt/live/kaz.sns/
+     	mkdir -p /etc/letsencrypt/live/kaz.sns/
       ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
-       ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
+       ln -s ../../local/kaz.sns.key /etc/letsencrypt/live/kaz.sns/privkey.pem
    fi

    # Cache docker registry