[FEATURE] Creation of SSL certificates for all(!) server names inside a single certificate

73883759 · Stefan Galinski · 0d050e4b · 73883759 · 73883759 · 73883759
Commit 73883759 authored 7 years ago by Stefan Galinski
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -279,7 +279,7 @@ bash 'Create Certificate' do
 	cwd '/etc/apache2/ssl/'
 	code <<-EOF
 		chmod 755 create_certificate_for_domain.sh
-		./create_certificate_for_domain.sh #{node['typo3_site']['hostname']}
+		./create_certificate_for_domain.sh #{node['typo3_site']['hostname']} #{node['typo3_site']['server_aliases']}
 	EOF
 	action :run
 end

--- a/templates/default/create_certificate_for_domain.sh
+++ b/templates/default/create_certificate_for_domain.sh
 #!/usr/bin/env bash
 if [ -z "$1" ]
 then
-  echo "Please supply a subdomain to create a certificate for";
+  echo "Please supply at least one subdomain to create a certificate for";
-  echo "e.g. www.mysite.com"
+  echo "e.g. www.example.com"
  exit;
 fi
@@ -15,15 +15,24 @@ fi
 DOMAIN=$1
 COMMON_NAME=${2:-*.$1}
-SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
+SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=${COMMON_NAME}"
 NUM_OF_DAYS=999
-openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
+openssl req -new -newkey rsa:2048 -sha256 -nodes ${KEY_OPT} device.key -subj "${SUBJECT}" -out device.csr
-cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
-openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext 
+cp v3.ext /tmp/__v3.ext
+DOMAIN_COUNTER=1
+for domain_in_list in "$@"
+do
+	echo "DNS.${DOMAIN_COUNTER} = ${domain_in_list}" >> /tmp/__v3.ext
+    ((DOMAIN_COUNTER++))
+done
+#cat v3.ext | sed s/%%DOMAIN%%/${COMMON_NAME}/g > /tmp/__v3.ext
+openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days ${NUM_OF_DAYS} -sha256 -extfile /tmp/__v3.ext
 # move output files to final filenames
-mv device.csr $DOMAIN.csr
+mv device.csr ${DOMAIN}.csr
-cp device.crt $DOMAIN.crt
+cp device.crt ${DOMAIN}.crt
 # remove temp file
 rm -f device.crt;

--- a/templates/default/v3.ext
+++ b/templates/default/v3.ext
@@ -4,4 +4,3 @@ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names
 [alt_names]
-DNS.1 = %%DOMAIN%%