Commit 8de94b65 authored by Stefan Fritsch

Add support for subject alternative names

parent ec70908a
ssl-cert (1.0.29) UNRELEASED; urgency=low
* Add support for subject alternative names. Thanks to Jonas Smedegaard for
the patch. Closes: #645515
* Add Catalan translation. Thanks to Innocent De Marchi. Closes: #628373
* Bump Standards-Version (no changes).
* Switch VCS to git
@@ -15,6 +15,23 @@ _Description: Host name:
It will become the 'commonName' field of the generated SSL certificate.
Template: make-ssl-cert/altname
Type: string
_Description: Alternative name(s):
Please enter any additional names to use in the SSL certificate.
It will become the 'subjectAltName' field of the generated SSL certificate.
Multiple alternative names should be delimited with comma and no spaces.
For a web server with multiple DNS names this could look like:
A more complex example including a hostname, a WebID, an email address, and
an IPv4 address:
Template: make-ssl-cert/title
Type: title
_Description: Configure an SSL Certificate.
@@ -27,6 +27,13 @@ ask_via_debconf() {
db_get make-ssl-cert/hostname
db_fset make-ssl-cert/hostname seen false
db_fset make-ssl-cert/altname seen false
db_input high make-ssl-cert/altname || true
db_get make-ssl-cert/altname
db_fset make-ssl-cert/altname seen false
make_snakeoil() {
@@ -41,6 +48,7 @@ make_snakeoil() {
create_temporary_cnf() {
sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
[ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
# Takes two arguments, the base layout and the output cert.
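Review bot: The debconf answer is written into the OpenSSL config verbatim at `echo "subjectAltName=$AltName" >> $TMPFILE` in create_temporary_cnf, so nothing enforces the comma-separated, no-spaces format the template text asks for. Any character the config parser treats specially (OpenSSL expands `$` references in values, as far as I know) reaches the generated file unchanged. I would reject whitespace before writing, e.g. `case "$AltName" in *[[:space:]]*) echo "invalid alternative name: $AltName" >&2; exit 1;; esac`, and write the line with `printf 'subjectAltName=%s\n' "$AltName" >> "$TMPFILE"` so the shell's `echo` cannot interpret backslashes. The assignment of AltName from `db_get make-ssl-cert/altname` is not visible in the ask_via_debconf hunk, and create_temporary_cnf continues outside this hunk, so the check may belong elsewhere.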
......@@ -10,6 +10,11 @@ default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
req_extensions = v3_req
x509_extensions = v3_req
[ req_distinguished_name ]
commonName = @HostName@
[ v3_req ]
basicConstraints = CA:FALSE
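Review bot: `[ v3_req ]` has to stay the last section of this template, because make-ssl-cert appends `subjectAltName=...` to the end of the generated file and the line lands in whichever section comes last. That dependency is not written down in the template. I would add a comment above the section, `# Keep [ v3_req ] last: make-ssl-cert appends subjectAltName= to the end of this file.` Whether anything follows `basicConstraints` in the file cannot be seen from this hunk.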
