Update change-ip script to have SAN

357-notification-for-kiosk-mode
Saad Sahibjan 5 years ago
parent 559d9258fc
commit b6241b1d45

@ -215,6 +215,7 @@ B_SUBJ=''
C_SUBJ='' C_SUBJ=''
A_SUBJ='' A_SUBJ=''
SERVER_ADDRESS='' SERVER_ADDRESS=''
SAN_NAMES=''
slash='/' slash='/'
equal='=' equal='='
@ -250,6 +251,10 @@ buildSubject(){
elif [ $3 = "B" ]; then elif [ $3 = "B" ]; then
B_SUBJ="$B_SUBJ$slash$1$equal$val" B_SUBJ="$B_SUBJ$slash$1$equal$val"
return return
elif [ $3 = "S" ]; then
SAN_NAMES="DNS:$val$4$SAN_NAMES"
buildSubject 'SAN' 'SAN' 'S' ','
return
else else
A_SUBJ="$A_SUBJ$slash$1$equal$val" A_SUBJ="$A_SUBJ$slash$1$equal$val"
return return
@ -267,6 +272,7 @@ buildSubject 'O' 'Organization' 'C'
buildSubject 'OU' 'Organizational Unit' 'C' buildSubject 'OU' 'Organizational Unit' 'C'
buildSubject 'emailAddress' 'Email Address' 'C' buildSubject 'emailAddress' 'Email Address' 'C'
buildSubject 'CN' 'Common Name' 'C' buildSubject 'CN' 'Common Name' 'C'
buildSubject 'SAN' 'SAN' 'S'
echo "" echo ""
echo 'Provided IoT Core SSL Subject : ' $C_SUBJ echo 'Provided IoT Core SSL Subject : ' $C_SUBJ
@ -283,7 +289,11 @@ echo ""
echo "Generating SSL Certificate for IoT Core" echo "Generating SSL Certificate for IoT Core"
openssl genrsa -out ./tmp/c.key 4096 openssl genrsa -out ./tmp/c.key 4096
openssl req -new -key ./tmp/c.key -out ./tmp/c.csr -subj $C_SUBJ openssl req -new -key ./tmp/c.key -out ./tmp/c.csr -subj $C_SUBJ
openssl x509 -req -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -out ./tmp/c.crt if [ -z $SAN_NAMES ]; then
openssl x509 -req -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt
else
openssl x509 -req -extfile <(printf "subjectAltName=$SAN_NAMES") -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt
fi
echo "Export to PKCS12" echo "Export to PKCS12"
openssl pkcs12 -export -out ./tmp/CKEYSTORE.p12 -inkey ./tmp/c.key -in ./tmp/c.crt -name "wso2carbon" -password pass:$SSL_PASS openssl pkcs12 -export -out ./tmp/CKEYSTORE.p12 -inkey ./tmp/c.key -in ./tmp/c.crt -name "wso2carbon" -password pass:$SSL_PASS

Loading…
Cancel
Save