changed the way we write dns-alt-names.
authorSomeone <someone@somenet.org>
Wed, 4 Feb 2015 23:19:54 +0000 (00:19 +0100)
committerSomeone <someone@somenet.org>
Wed, 4 Feb 2015 23:19:54 +0000 (00:19 +0100)
certgen.sh
openssl.cnf

index 7fc33f3199f753c5b95488ab5b4d35ad20efcf79..f51c06ace23d365861f38bb21405e132691a97c2 100755 (executable)
@@ -26,8 +26,18 @@ while read cdline ; do
        chmod o+x "output/${certdata[1]}"
 
        SUBJECT="${certdata[2]}CN=${certdata[1]}/"
-       CERTGEN_DNS_ALT_NAMES=$(echo "DNS:${certdata[1]},${certdata[3]}" | sed -e 's/,/ DNS:/g')
-       cat openssl.cnf | sed -e "s/CERTGEN_DNS_ALT_NAMES/${CERTGEN_DNS_ALT_NAMES}/" > /tmp/certgen.cnf
+       DNS_NAMES="${certdata[1]},${certdata[3]}"
+       OLDIFS=$IFS
+       IFS=","
+       cat openssl.cnf > /tmp/certgen.cnf
+       COUNTER=0
+       for name in $DNS_NAMES; do
+               COUNTER=$((COUNTER+1))
+               echo "DNS.${COUNTER} = $name" >> /tmp/certgen.cnf
+       done
+       IFS=$OLDIFS
+       unset OLDIFS
+       unset COUNTER
        
        cd "output/${certdata[1]}"
        openssl genrsa -out "${certdata[1]}.key" 4096 &> /dev/null
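Review bot: The per-certificate config is still built at the fixed path `/tmp/certgen.cnf` (`cat openssl.cnf > /tmp/certgen.cnf` and the `>>` inside the loop), so on a shared host another local account can pre-create or replace that file and influence the extensions that end up in the request, including the SAN list. Create it with `CNF=$(mktemp) || exit 1`, write to `"$CNF"`, and pass that path to the openssl calls that consume it, which are outside this hunk. Separately, `for name in $DNS_NAMES` changes only IFS, so a wildcard entry such as `*.example.org` (constructed example) is still subject to pathname expansion against the working directory; bracketing the loop with `set -f` and `set +f` prevents that. The enclosing `while read cdline` loop starts and ends outside the hunk.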
index 87cf14055e24bf25a892e6c3f9fe7a94c78d7832..ac271aba3d964a2f442f6755adc48c55794aae3a 100644 (file)
@@ -46,7 +46,7 @@ emailAddress_max                      = 64
 [ v3_req ]
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName = CERTGEN_DNS_ALT_NAMES
+subjectAltName = @alt_names
 
 ####################################################################
 [ v3_ca ]
@@ -55,3 +55,7 @@ authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = CA:true
 
 ####################################################################
+
+# ALT_NAMES MUST BE THE LAST LINE.
+[alt_names]
+
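Review bot: The new `[alt_names]` section is correct only while it stays the last section of openssl.cnf, because certgen.sh appends its `DNS.N = ...` lines to the end of the copied file without checking which section it is in. Any section added below it later would silently receive those entries, and the certificate would be issued without the intended SANs. It would be more robust to drop the empty section here and have the script write the header itself, e.g. `echo "[alt_names]" >> "$CNF"` before the loop (where `$CNF` stands for whatever path the script writes the config to). If the section stays in the template, the comment should say why, for example `# certgen.sh appends DNS.N entries here; keep [alt_names] as the final section.`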