Created question in FIWARE Q/A platform on 03-05-2019 at 11:05
Please, ANSWER this question AT https://stackoverflow.com/questions/55966718/add-subjectaltnames-to-openssl-script

Question:
Add SubjectAltNAmes to openssl script

Description:
here is a bash script that I found on that GitHub Repo.

The script is usefull for the kind of certificate I need to create for my project and it works with my HAProxy for 443 requests.

My question is how can I add a SAN (SubjectAltNAme) to that script, for example adding below the field email something like this that will be recognize and works.

subjectAltName="DNS:domain1.com,DNS:domain2.com"

Here is the originl one:

1. Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U
   #
2. This file is part of Orion Context Broker.
   #
3. Orion Context Broker is free software: you can redistribute it and/or
4. modify it under the terms of the GNU Affero General Public License as
5. published by the Free Software Foundation, either version 3 of the
6. License, or (at your option) any later version.
   #
7. Orion Context Broker is distributed in the hope that it will be useful,
8. but WITHOUT ANY WARRANTY; without even the implied warranty of
9. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
10. General Public License for more details.
    #
11. You should have received a copy of the GNU Affero General Public License
12. along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
    #
13. For those usages not covered by this license please contact with
14. iot_support at tid dot es

1. -----------------------------------------------------------------------------
   #
2. usage
   #
   function usage() { fileName=$(basename $0) echo $fileName "[--keyFileName (name of key file)] [--certFileName (name of certificate file)]" echo " [--country (country)] [--state (state)] [--city (city)] [--company (company)] [--unit (unit)] [--name (name)] [--email (email)]" echo echo " The last seven options are input for the creation of the certificate and they all have 'decent' default values." exit $1 }

keyFileName="localhost.key"
certFileName="localhost.pem"
country="ES"
state="Madrid"
city="Madrid"
company="Telefonica"
unit="I+D"
name="localhost"
email="noone@nowhere.com"

while [ "$#" != 0 ]
do
if [ "$1" == "-u" ]; then usage;
elif [ "$1" == "--keyFileName" ]; then keyFileName=$2; shift;
elif [ "$1" == "--certFileName" ]; then certFileName=$2; shift;
elif [ "$1" == "--state" ]; then state=$2; shift;
elif [ "$1" == "--city" ]; then city=$2; shift;
elif [ "$1" == "--company" ]; then company=$2; shift;
elif [ "$1" == "--unit" ]; then unit=$2; shift;
elif [ "$1" == "--name" ]; then name=$2; shift;
elif [ "$1" == "--email" ]; then email=$2; shift;
else
echo $0: bad parameter/option: "'"$

"'";
usage 1
fi

shift
done

OPTIONS="/C="$country"/ST="$state"/L="$city"/O="$company"/OU="$unit"/CN="$name"/"

openssl genrsa -out "$keyFileName" 1024 > /dev/null 2>&1
openssl req -days 365 -out "$certFileName" -new -x509 -key "$keyFileName" -subj "$OPTIONS" > /dev/null 2>&1

Thanks for your help