Certif avec CN via mkcert

This commit is contained in:
gael 2023-03-15 01:34:57 +01:00
parent a2c2105019
commit 9f53cc86f5

View File

@ -148,11 +148,33 @@ EOF
export CAROOT=/etc/letsencrypt/local/
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
cd "${CAROOT}"
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
cat > "${CAROOT}/kaz.sns.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
req_extensions = req_ext
[ dn ]
CN = *.kaz.sns
emailAddress = admin@kaz.sns
O = KAZ
OU = Dev
L = Vannes
ST = France
C = FR
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.0 = *.kaz.sns
EOF
openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout kaz.sns.key -out kaz.sns.csr -config kaz.sns.cnf
/root/mkcert/mkcert -csr "${CAROOT}/kaz.sns.csr" # cert et clé dans /etc/letsencrypt/local/
mkdir -p /etc/letsencrypt/live/kaz.sns/
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
ln -s ../../local/kaz.sns.key /etc/letsencrypt/live/kaz.sns/privkey.pem
fi
# Cache docker registry