From 738837598576d71d13e478475e5f363297f81e60 Mon Sep 17 00:00:00 2001
From: Stefan Galinski <stefan@sgalinski.de>
Date: Sun, 18 Feb 2018 13:21:41 +0100
Subject: [PATCH] [FEATURE] Creation of SSL certificates for all(!) server
 names inside a single certificate

---
 recipes/default.rb                            |  2 +-
 .../default/create_certificate_for_domain.sh  | 25 +++++++++++++------
 templates/default/v3.ext                      |  1 -
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/recipes/default.rb b/recipes/default.rb
index f0fa1c2..7c32af7 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -279,7 +279,7 @@ bash 'Create Certificate' do
 	cwd '/etc/apache2/ssl/'
 	code <<-EOF
 		chmod 755 create_certificate_for_domain.sh
-		./create_certificate_for_domain.sh #{node['typo3_site']['hostname']}
+		./create_certificate_for_domain.sh #{node['typo3_site']['hostname']} #{node['typo3_site']['server_aliases']}
 	EOF
 	action :run
 end
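Review bot: `#{node['typo3_site']['server_aliases']}` on the new line is interpolated straight into the shell code; if that attribute is an Array (the script's new loop over `"$@"` suggests a list), Ruby's `to_s` renders it as `["a", "b"]`, so the bracketed, quoted, comma-separated tokens become the DNS entries, and any value containing shell metacharacters would be executed as part of the command. Join and quote the values instead, e.g. `./create_certificate_for_domain.sh #{node['typo3_site']['hostname'].shellescape} #{Shellwords.join(Array(node['typo3_site']['server_aliases']))}` with `require 'shellwords'` at the top of the recipe. Note that the script assigns `$2` to `COMMON_NAME`, so with aliases present the CN becomes the first alias rather than the former `*.hostname` default; the commit message does not say whether that is intended. The `bash 'Create Certificate'` resource opens before this hunk.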
diff --git a/templates/default/create_certificate_for_domain.sh b/templates/default/create_certificate_for_domain.sh
index 4f3cd95..6df528a 100755
--- a/templates/default/create_certificate_for_domain.sh
+++ b/templates/default/create_certificate_for_domain.sh
@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 if [ -z "$1" ]
 then
-  echo "Please supply a subdomain to create a certificate for";
-  echo "e.g. www.mysite.com"
+  echo "Please supply at least one subdomain to create a certificate for";
+  echo "e.g. www.example.com"
   exit;
 fi
 
@@ -15,15 +15,24 @@ fi
 
 DOMAIN=$1
 COMMON_NAME=${2:-*.$1}
-SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
+SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=${COMMON_NAME}"
 NUM_OF_DAYS=999
-openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
-cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
-openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext 
+openssl req -new -newkey rsa:2048 -sha256 -nodes ${KEY_OPT} device.key -subj "${SUBJECT}" -out device.csr
+
+cp v3.ext /tmp/__v3.ext
+DOMAIN_COUNTER=1
+for domain_in_list in "$@"
+do
+	echo "DNS.${DOMAIN_COUNTER} = ${domain_in_list}" >> /tmp/__v3.ext
+    ((DOMAIN_COUNTER++))
+done
+#cat v3.ext | sed s/%%DOMAIN%%/${COMMON_NAME}/g > /tmp/__v3.ext
+
+openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days ${NUM_OF_DAYS} -sha256 -extfile /tmp/__v3.ext
 
 # move output files to final filenames
-mv device.csr $DOMAIN.csr
-cp device.crt $DOMAIN.crt
+mv device.csr ${DOMAIN}.csr
+cp device.crt ${DOMAIN}.crt
 
 # remove temp file
 rm -f device.crt;
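Review bot: The new loop at `echo "DNS.${DOMAIN_COUNTER} = ${domain_in_list}"` writes every positional argument unvalidated into an extension file at the fixed path `/tmp/__v3.ext`, which `cp` also follows if something already sits there, so a stray or malformed name ends up as a config directive and the file is never cleaned up. Create the file with `mktemp`, remove it on exit, and reject arguments that are not plain host names before appending them; the `openssl x509` line should then reference the generated path. Note also that the replaced `sed` line used to put `${COMMON_NAME}` (by default `*.$1`) into the SAN, while the loop writes only the literal arguments, so the wildcard default now lives in the CN alone, which SAN-only validators ignore — presumably intended, but worth stating in the commit message. The indentation of the `((DOMAIN_COUNTER++))` line mixes spaces with the tabs used around it, and the commented-out `#cat v3.ext | sed ...` line can go.
```shell
# … unchanged: argument check, DOMAIN/COMMON_NAME/SUBJECT, openssl req …
EXT_FILE=$(mktemp /tmp/v3.ext.XXXXXX) || exit 1
trap 'rm -f "$EXT_FILE"' EXIT
cp v3.ext "$EXT_FILE"
DOMAIN_COUNTER=1
for domain_in_list in "$@"
do
	case "$domain_in_list" in
		""|*[!A-Za-z0-9.*-]*)
			echo "Invalid server name: ${domain_in_list}" >&2
			exit 1
			;;
	esac
	echo "DNS.${DOMAIN_COUNTER} = ${domain_in_list}" >> "$EXT_FILE"
	((DOMAIN_COUNTER++))
done

openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days ${NUM_OF_DAYS} -sha256 -extfile "$EXT_FILE"
# … unchanged: move output files, remove temp file …
```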
diff --git a/templates/default/v3.ext b/templates/default/v3.ext
index 7515c66..6083d96 100644
--- a/templates/default/v3.ext
+++ b/templates/default/v3.ext
@@ -4,4 +4,3 @@ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names
 
 [alt_names]
-DNS.1 = %%DOMAIN%%
-- 
GitLab