From b6241b1d45d85140f9477bc48c005f14834e2c2b Mon Sep 17 00:00:00 2001 From: Saad Sahibjan Date: Thu, 12 Dec 2019 13:07:25 +0530 Subject: [PATCH] Update change-ip script to have SAN --- modules/scripts/change-ip.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) mode change 100644 => 100755 modules/scripts/change-ip.sh diff --git a/modules/scripts/change-ip.sh b/modules/scripts/change-ip.sh old mode 100644 new mode 100755 index 8c5c9ba9..8cfdfffd --- a/modules/scripts/change-ip.sh +++ b/modules/scripts/change-ip.sh @@ -215,6 +215,7 @@ B_SUBJ='' C_SUBJ='' A_SUBJ='' SERVER_ADDRESS='' +SAN_NAMES='' slash='/' equal='=' @@ -250,6 +251,10 @@ buildSubject(){ elif [ $3 = "B" ]; then B_SUBJ="$B_SUBJ$slash$1$equal$val" return + elif [ $3 = "S" ]; then + SAN_NAMES="DNS:$val$4$SAN_NAMES" + buildSubject 'SAN' 'SAN' 'S' ',' + return else A_SUBJ="$A_SUBJ$slash$1$equal$val" return @@ -267,6 +272,7 @@ buildSubject 'O' 'Organization' 'C' buildSubject 'OU' 'Organizational Unit' 'C' buildSubject 'emailAddress' 'Email Address' 'C' buildSubject 'CN' 'Common Name' 'C' +buildSubject 'SAN' 'SAN' 'S' echo "" echo 'Provided IoT Core SSL Subject : ' $C_SUBJ @@ -283,7 +289,11 @@ echo "" echo "Generating SSL Certificate for IoT Core" openssl genrsa -out ./tmp/c.key 4096 openssl req -new -key ./tmp/c.key -out ./tmp/c.csr -subj $C_SUBJ -openssl x509 -req -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -out ./tmp/c.crt +if [ -z $SAN_NAMES ]; then + openssl x509 -req -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt +else + openssl x509 -req -extfile <(printf "subjectAltName=$SAN_NAMES") -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt +fi echo "Export to PKCS12" openssl pkcs12 -export -out ./tmp/CKEYSTORE.p12 -inkey ./tmp/c.key -in ./tmp/c.crt -name "wso2carbon" -password pass:$SSL_PASS