From 78603766c6bd1f5e43f8b1338caf4c0ce948331f Mon Sep 17 00:00:00 2001
From: Someone
Date: Tue, 3 Feb 2015 20:40:37 +0100
Subject: [PATCH] changed the way we write dns-alt-names.
---
 certgen.sh | 14 ++++++++++++--
 openssl.cnf | 6 +++++-
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/certgen.sh b/certgen.sh
index 7fc33f3..f51c06a 100755
--- a/certgen.sh
+++ b/certgen.sh
@@ -26,8 +26,18 @@ while read cdline ; do
 chmod o+x "output/${certdata[1]}"
 SUBJECT="${certdata[2]}CN=${certdata[1]}/"
- CERTGEN_DNS_ALT_NAMES=$(echo "DNS:${certdata[1]},${certdata[3]}" | sed -e 's/,/ DNS:/g')
- cat openssl.cnf | sed -e "s/CERTGEN_DNS_ALT_NAMES/${CERTGEN_DNS_ALT_NAMES}/" > /tmp/certgen.cnf
+ DNS_NAMES="${certdata[1]},${certdata[3]}"
+ OLDIFS=$IFS
+ IFS=","
+ cat openssl.cnf > /tmp/certgen.cnf
+ COUNTER=0
+ for name in $DNS_NAMES; do
+ COUNTER=$((COUNTER+1))
+ echo "DNS.${COUNTER} = $name" >> /tmp/certgen.cnf
+ done
+ IFS=$OLDIFS
+ unset OLDIFS
+ unset COUNTER
 cd "output/${certdata[1]}"
 openssl genrsa -out "${certdata[1]}.key" 4096 &> /dev/null
diff --git a/openssl.cnf b/openssl.cnf
index 87cf140..ac271ab 100644
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -46,7 +46,7 @@ emailAddress_max = 64
 [ v3_req ]
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName = CERTGEN_DNS_ALT_NAMES
+subjectAltName = @alt_names
 ####################################################################
 [ v3_ca ]
@@ -55,3 +55,7 @@ authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = CA:true
 ####################################################################
+
+# ALT_NAMES MUST BE THE LAST LINE.
+[alt_names]
+
--
2.43.0
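Review bot: The rewritten block still builds the per-certificate config at the fixed path `/tmp/certgen.cnf`, now with one truncating write plus one append per name, so a local user who can pre-create or replace that file in the world-writable `/tmp` can influence the extensions that end up in the request; a `mktemp` path held in a variable would close that. In the same loop, `for name in $DNS_NAMES` is unquoted, so a wildcard entry such as `*.example.com` (constructed example) is subject to pathname expansion against the working directory, and an empty field between two commas yields a `DNS.N = ` line with no value. Splitting with `read -r -a` avoids both and makes the `IFS` save/restore unnecessary. The enclosing `while read` loop starts and ends outside the hunk, so whichever later commands read `/tmp/certgen.cnf` would need the new variable too.

```shell
    # … unchanged: SUBJECT assignment …
    CERTGEN_CNF=$(mktemp) || exit 1
    cat openssl.cnf > "$CERTGEN_CNF"
    # Split on commas without word-splitting or glob expansion of the names.
    IFS=',' read -r -a dns_names <<< "${certdata[1]},${certdata[3]}"
    COUNTER=0
    for name in "${dns_names[@]}"; do
        [ -n "$name" ] || continue   # skip empty fields such as "a,,b"
        COUNTER=$((COUNTER+1))
        echo "DNS.${COUNTER} = $name" >> "$CERTGEN_CNF"
    done
    unset COUNTER
    # … unchanged: cd into the output directory and key generation …
```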
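Review bot: The added comment `# ALT_NAMES MUST BE THE LAST LINE.` states the constraint but not its reason, and what has to stay last is the `[alt_names]` section rather than a single line. Judging by the certgen.sh hunk in this patch, the script appends `DNS.N = name` entries to a copy of this file, so any setting added below the header later would be parsed as part of `[alt_names]`. A wording such as `# certgen.sh appends DNS.<n> entries below; [alt_names] must remain the last section of this file.` would make that dependency visible to the next editor.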