Add a Subject Alternative Name to the certificate generated for Complement tests. (#13071)
This commit is contained in:
parent
0fcc0ae37c
commit
90cadcd403
2 changed files with 20 additions and 3 deletions
changelog.d/13071.misc
changelog.d/13071.misc
|
@ -0,0 +1 @@
|
||||||
|
Add a Subject Alternative Name to the certificate generated for Complement tests.
|
|
@ -73,14 +73,30 @@ fi
|
||||||
|
|
||||||
# Generate a TLS key, then generate a certificate by having Complement's CA sign it
|
# Generate a TLS key, then generate a certificate by having Complement's CA sign it
|
||||||
# Note that both the key and certificate are in PEM format (not DER).
|
# Note that both the key and certificate are in PEM format (not DER).
|
||||||
|
|
||||||
|
# First generate a configuration file to set up a Subject Alternative Name.
|
||||||
|
cat > /conf/server.tls.conf <<EOF
|
||||||
|
.include /etc/ssl/openssl.cnf
|
||||||
|
|
||||||
|
[SAN]
|
||||||
|
subjectAltName=DNS:${SERVER_NAME}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Generate an RSA key
|
||||||
openssl genrsa -out /conf/server.tls.key 2048
|
openssl genrsa -out /conf/server.tls.key 2048
|
||||||
|
|
||||||
openssl req -new -key /conf/server.tls.key -out /conf/server.tls.csr \
|
# Generate a certificate signing request
|
||||||
-subj "/CN=${SERVER_NAME}"
|
openssl req -new -config /conf/server.tls.conf -key /conf/server.tls.key -out /conf/server.tls.csr \
|
||||||
|
-subj "/CN=${SERVER_NAME}" -reqexts SAN
|
||||||
|
|
||||||
|
# Make the Complement Certificate Authority sign and generate a certificate.
|
||||||
openssl x509 -req -in /conf/server.tls.csr \
|
openssl x509 -req -in /conf/server.tls.csr \
|
||||||
-CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
|
-CA /complement/ca/ca.crt -CAkey /complement/ca/ca.key -set_serial 1 \
|
||||||
-out /conf/server.tls.crt
|
-out /conf/server.tls.crt -extfile /conf/server.tls.conf -extensions SAN
|
||||||
|
|
||||||
|
# Assert that we have a Subject Alternative Name in the certificate.
|
||||||
|
# (grep will exit with 1 here if there isn't a SAN in the certificate.)
|
||||||
|
openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:
|
||||||
|
|
||||||
export SYNAPSE_TLS_CERT=/conf/server.tls.crt
|
export SYNAPSE_TLS_CERT=/conf/server.tls.crt
|
||||||
export SYNAPSE_TLS_KEY=/conf/server.tls.key
|
export SYNAPSE_TLS_KEY=/conf/server.tls.key
|
||||||
|
|
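Review bot: The new assertion `openssl x509 -in /conf/server.tls.crt -noout -text | grep DNS:` only checks that some DNS SAN is present, not that the certificate carries the name Complement will connect with; matching the expected value, `openssl x509 -in /conf/server.tls.crt -noout -text | grep -F -- "DNS:${SERVER_NAME}"`, turns it into a real check and still prints the matched line for the log. The comment above it says grep exiting 1 fails the script, which presumably depends on `set -e` at the top of this script, outside the hunk; worth stating that in the comment so the assertion is not silently disabled if the shell options change. In the heredoc, `subjectAltName=DNS:${SERVER_NAME}` is expanded unquoted into the OpenSSL config, so an unset or empty `SERVER_NAME` produces an invalid extension that only surfaces later in the openssl output; `DNS:${SERVER_NAME:?}` would fail with a clear message instead. The surrounding script begins before line 73 and is not visible in this hunk.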