-rwxr-xr-x | package/sbin/painless-le | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/package/sbin/painless-le b/package/sbin/painless-le
index d910db0..d970ef7 100755
--- a/package/sbin/painless-le
+++ b/package/sbin/painless-le
@@ -64,7 +64,6 @@ DNS_DOMAIN="${@:2}"
 #===============================================================================
 # Define filename variables
 #===============================================================================
- OPENSSLCONF="/etc/ssl/openssl.cnf"
 REQUESTFILE="$(mktemp /tmp/painless-le.XXXXXX.csr)"
 CONFIDENTIAL="${TARGET_DIR%/}/${OPT_CONFIDENTIAL:-confidential.pem}"
 INTERMEDIATE="${TARGET_DIR%/}/${OPT_INTERMEDIATE:-intermediate.pem}"
@@ -77,10 +76,20 @@ CERTIFICATE_FULL="${TARGET_DIR%/}/${OPT_CERTIFICATE_FULL:-certificate_full.pem}"
 trap 'rm ${REQUESTFILE}' EXIT
 
 #===============================================================================
+# Assemble OpenSSL configuration for CSR generation
+#===============================================================================
+SUBJECT_ALT_NAME="DNS:$(echo ${DNS_DOMAIN} | sed "s/ /,DNS:/g")"
+OPENSSL_CONFIG="[req]
+distinguished_name = req_distinguished_name
+[req_distinguished_name]
+[SAN]
+subjectAltName=${SUBJECT_ALT_NAME}"
+
+#===============================================================================
 # Create Certificate-Signing-Request
 #===============================================================================
-openssl req -config <(cat "${OPENSSLCONF}" <(printf "[SAN]\nsubjectAltName=DNS:`echo ${DNS_DOMAIN} | sed "s/ /,DNS:/g"`")) \
- -new -sha256 -key "${CONFIDENTIAL}" -out "${REQUESTFILE}" -reqexts SAN -subj "/"
+openssl req -config <(echo "$OPENSSL_CONFIG") -new -sha256 -reqexts SAN \
+ -subj "/" -key "${CONFIDENTIAL}" -out "${REQUESTFILE}"
 
 #===============================================================================
 # Check if Certificate-Signing-Request creation failed |
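Review bot: The domain names reach the generated OpenSSL config unvalidated and unquoted in the new `SUBJECT_ALT_NAME` line of the second hunk. `echo ${DNS_DOMAIN}` lets the shell glob-expand a name containing `*` against the current directory, and a comma inside an argument becomes an extra `subjectAltName` entry in the CSR. Since the script now assembles the whole config itself, checking each name against a hostname pattern before interpolating it would keep the request limited to the names the operator intended. The sketch below treats every positional argument as one name, which differs from the current behaviour if callers pass several names in a single quoted argument, and its conservative pattern rejects wildcard names. It also replaces `echo "$OPENSSL_CONFIG"` with `printf '%s\n'`, and `exit 1` stands in for whatever error path the rest of the script uses, which is outside this hunk.

```shell
# Build the SAN list one argument at a time, rejecting anything that is not a plain hostname
SUBJECT_ALT_NAME=""
for domain in "${@:2}"; do
    if [[ ! "${domain}" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
        printf 'invalid domain name: %s\n' "${domain}" >&2
        exit 1
    fi
    SUBJECT_ALT_NAME+="${SUBJECT_ALT_NAME:+,}DNS:${domain}"
done
# … unchanged: OPENSSL_CONFIG assembly …
openssl req -config <(printf '%s\n' "${OPENSSL_CONFIG}") -new -sha256 -reqexts SAN \
    -subj "/" -key "${CONFIDENTIAL}" -out "${REQUESTFILE}"
```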