Details
-
Type:
Monitor
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: FIWARE-TECH-HELP
-
HD-Enabler:Orion
Description
Created question in FIWARE Q/A platform on 03-05-2019 at 11:05
Please, ANSWER this question AT https://stackoverflow.com/questions/55966718/add-subjectaltnames-to-openssl-script
Question:
Add SubjectAltNAmes to openssl script
Description:
here is a bash script that I found on that GitHub Repo.
The script is usefull for the kind of certificate I need to create for my project and it works with my HAProxy for 443 requests.
My question is how can I add a SAN (SubjectAltNAme) to that script, for example adding below the field email something like this that will be recognize and works.
subjectAltName="DNS:domain1.com,DNS:domain2.com"
Here is the originl one:
- Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U
# - This file is part of Orion Context Broker.
# - Orion Context Broker is free software: you can redistribute it and/or
- modify it under the terms of the GNU Affero General Public License as
- published by the Free Software Foundation, either version 3 of the
- License, or (at your option) any later version.
# - Orion Context Broker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
- General Public License for more details.
# - You should have received a copy of the GNU Affero General Public License
- along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
# - For those usages not covered by this license please contact with
- iot_support at tid dot es
- -----------------------------------------------------------------------------
# - usage
#
function usage() { fileName=$(basename $0) echo $fileName "[--keyFileName (name of key file)] [--certFileName (name of certificate file)]" echo " [--country (country)] [--state (state)] [--city (city)] [--company (company)] [--unit (unit)] [--name (name)] [--email (email)]" echo echo " The last seven options are input for the creation of the certificate and they all have 'decent' default values." exit $1 }
keyFileName="localhost.key"
certFileName="localhost.pem"
country="ES"
state="Madrid"
city="Madrid"
company="Telefonica"
unit="I+D"
name="localhost"
email="noone@nowhere.com"
while [ "$#" != 0 ]
do
if [ "$1" == "-u" ]; then usage;
elif [ "$1" == "--keyFileName" ]; then keyFileName=$2; shift;
elif [ "$1" == "--certFileName" ]; then certFileName=$2; shift;
elif [ "$1" == "--state" ]; then state=$2; shift;
elif [ "$1" == "--city" ]; then city=$2; shift;
elif [ "$1" == "--company" ]; then company=$2; shift;
elif [ "$1" == "--unit" ]; then unit=$2; shift;
elif [ "$1" == "--name" ]; then name=$2; shift;
elif [ "$1" == "--email" ]; then email=$2; shift;
else
echo $0: bad parameter/option: "'"$
"'";
usage 1
fi
shift
done
OPTIONS="/C="$country"/ST="$state"/L="$city"/O="$company"/OU="$unit"/CN="$name"/"
openssl genrsa -out "$keyFileName" 1024 > /dev/null 2>&1
openssl req -days 365 -out "$certFileName" -new -x509 -key "$keyFileName" -subj "$OPTIONS" > /dev/null 2>&1
Thanks for your help
Activity
| Field | Original Value | New Value |
|---|---|---|
| Component/s | FIWARE-TECH-HELP [ 10278 ] |
| HD-Enabler | Orion [ 10875 ] | |
| Description |
Created question in FIWARE Q/A platform on 03-05-2019 at 11:05 {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/55966718/add-subjectaltnames-to-openssl-script +Question:+ Add SubjectAltNAmes to openssl script +Description:+ here is a bash script that I found on that GitHub Repo. The script is usefull for the kind of certificate I need to create for my project and it works with my HAProxy for 443 requests. My question is how can I add a SAN (SubjectAltNAme) to that script, for example adding below the field email something like this that will be recognize and works. subjectAltName="DNS:domain1.com,DNS:domain2.com" Here is the originl one: # Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U # # This file is part of Orion Context Broker. # # Orion Context Broker is free software: you can redistribute it and/or # modify it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # Orion Context Broker is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero # General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with Orion Context Broker. If not, see http://www.gnu.org/licenses/. # # For those usages not covered by this license please contact with # iot_support at tid dot es # ----------------------------------------------------------------------------- # # usage # function usage() { fileName=$(basename $0) echo $fileName "[--keyFileName (name of key file)] [--certFileName (name of certificate file)]" echo " [--country (country)] [--state (state)] [--city (city)] [--company (company)] [--unit (unit)] [--name (name)] [--email (email)]" echo echo " The last seven options are input for the creation of the certificate and they all have 'decent' default values." exit $1 } keyFileName="localhost.key" certFileName="localhost.pem" country="ES" state="Madrid" city="Madrid" company="Telefonica" unit="I+D" name="localhost" email="noone@nowhere.com" while [ "$#" != 0 ] do if [ "$1" == "-u" ]; then usage; elif [ "$1" == "--keyFileName" ]; then keyFileName=$2; shift; elif [ "$1" == "--certFileName" ]; then certFileName=$2; shift; elif [ "$1" == "--state" ]; then state=$2; shift; elif [ "$1" == "--city" ]; then city=$2; shift; elif [ "$1" == "--company" ]; then company=$2; shift; elif [ "$1" == "--unit" ]; then unit=$2; shift; elif [ "$1" == "--name" ]; then name=$2; shift; elif [ "$1" == "--email" ]; then email=$2; shift; else echo $0: bad parameter/option: "'"${1}"'"; usage 1 fi shift done OPTIONS="/C="$country"/ST="$state"/L="$city"/O="$company"/OU="$unit"/CN="$name"/" openssl genrsa -out "$keyFileName" 1024 > /dev/null 2>&1 openssl req -days 365 -out "$certFileName" -new -x509 -key "$keyFileName" -subj "$OPTIONS" > /dev/null 2>&1 Thanks for your help |
Created question in FIWARE Q/A platform on 03-05-2019 at 11:05
{color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/55966718/add-subjectaltnames-to-openssl-script +Question:+ Add SubjectAltNAmes to openssl script +Description:+ here is a bash script that I found on that GitHub Repo. The script is usefull for the kind of certificate I need to create for my project and it works with my HAProxy for 443 requests. My question is how can I add a SAN (SubjectAltNAme) to that script, for example adding below the field email something like this that will be recognize and works. subjectAltName="DNS:domain1.com,DNS:domain2.com" Here is the originl one: # Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U # # This file is part of Orion Context Broker. # # Orion Context Broker is free software: you can redistribute it and/or # modify it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # Orion Context Broker is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero # General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with Orion Context Broker. If not, see http://www.gnu.org/licenses/. # # For those usages not covered by this license please contact with # iot_support at tid dot es # ----------------------------------------------------------------------------- # # usage # function usage() { fileName=$(basename $0) echo $fileName "[--keyFileName (name of key file)] [--certFileName (name of certificate file)]" echo " [--country (country)] [--state (state)] [--city (city)] [--company (company)] [--unit (unit)] [--name (name)] [--email (email)]" echo echo " The last seven options are input for the creation of the certificate and they all have 'decent' default values." exit $1 } keyFileName="localhost.key" certFileName="localhost.pem" country="ES" state="Madrid" city="Madrid" company="Telefonica" unit="I+D" name="localhost" email="noone@nowhere.com" while [ "$#" != 0 ] do if [ "$1" == "-u" ]; then usage; elif [ "$1" == "--keyFileName" ]; then keyFileName=$2; shift; elif [ "$1" == "--certFileName" ]; then certFileName=$2; shift; elif [ "$1" == "--state" ]; then state=$2; shift; elif [ "$1" == "--city" ]; then city=$2; shift; elif [ "$1" == "--company" ]; then company=$2; shift; elif [ "$1" == "--unit" ]; then unit=$2; shift; elif [ "$1" == "--name" ]; then name=$2; shift; elif [ "$1" == "--email" ]; then email=$2; shift; else echo $0: bad parameter/option: "'"${1}"'"; usage 1 fi shift done OPTIONS="/C="$country"/ST="$state"/L="$city"/O="$company"/OU="$unit"/CN="$name"/" openssl genrsa -out "$keyFileName" 1024 > /dev/null 2>&1 openssl req -days 365 -out "$certFileName" -new -x509 -key "$keyFileName" -subj "$OPTIONS" > /dev/null 2>&1 Thanks for your help |
| Assignee | Fermín Galán [ fermin ] |