Commit 8de94b65 authored by Stefan Fritsch's avatar Stefan Fritsch

Add support for subject alternative names

parent ec70908a
ssl-cert (1.0.29) UNRELEASED; urgency=low
* Add support for subject alternative names. Thanks to Jonas Smedegaard for
the patch. Closes: #645515
* Add Catalan translation. Thanks to Innocent De Marchi. Closes: #628373
* Bump Standards-Version (no changes).
* Switch VCS to git
......
......@@ -15,6 +15,23 @@ _Description: Host name:
.
It will become the 'commonName' field of the generated SSL certificate.
Template: make-ssl-cert/altname
Type: string
_Description: Alternative name(s):
Please enter any additional names to use in the SSL certificate.
.
It will become the 'subjectAltName' field of the generated SSL certificate.
.
Multiple alternative names should be delimited with comma and no spaces.
For a web server with multiple DNS names this could look like:
.
DNS:www.example.com,DNS:images.example.com
.
A more complex example including a hostname, a WebID, an email address, and
an IPv4 address:
.
DNS:example.com,URI:http://example.com/joe#me,email:me@example.com,IP:192.168.7.3
Template: make-ssl-cert/title
Type: title
_Description: Configure an SSL Certificate.
......
......@@ -27,6 +27,13 @@ ask_via_debconf() {
db_get make-ssl-cert/hostname
HostName="$RET"
db_fset make-ssl-cert/hostname seen false
db_fset make-ssl-cert/altname seen false
db_input high make-ssl-cert/altname || true
db_go
db_get make-ssl-cert/altname
AltName="$RET"
db_fset make-ssl-cert/altname seen false
}
make_snakeoil() {
......@@ -41,6 +48,7 @@ make_snakeoil() {
create_temporary_cnf() {
sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
[ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
}
# Takes two arguments, the base layout and the output cert.
......
......@@ -10,6 +10,11 @@ default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
req_extensions = v3_req
x509_extensions = v3_req
[ req_distinguished_name ]
commonName = @HostName@
[ v3_req ]
basicConstraints = CA:FALSE
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment