Update change-ip script to have SAN

2025-09-16 23:32:19 +00:00 · 2019-12-12 13:07:25 +05:30 · 2019-12-12 13:07:25 +05:30 · b6241b1d45
commit b6241b1d45
parent 559d9258fc
1 changed files with 11 additions and 1 deletions
--- a/modules/scripts/change-ip.sh
+++ b/modules/scripts/change-ip.sh
@ -215,6 +215,7 @@ B_SUBJ=''
 C_SUBJ=''
 A_SUBJ=''
 SERVER_ADDRESS=''
+SAN_NAMES=''
 slash='/'
 equal='='

@ -250,6 +251,10 @@ buildSubject(){
        elif [ $3 = "B" ]; then
            B_SUBJ="$B_SUBJ$slash$1$equal$val"
            return
+        elif [ $3 = "S" ]; then
+            SAN_NAMES="DNS:$val$4$SAN_NAMES"
+            buildSubject 'SAN' 'SAN' 'S' ','
+            return
        else
            A_SUBJ="$A_SUBJ$slash$1$equal$val"
            return
@ -267,6 +272,7 @@ buildSubject 'O' 'Organization' 'C'
 buildSubject 'OU' 'Organizational Unit' 'C'
 buildSubject 'emailAddress' 'Email Address' 'C'
 buildSubject 'CN' 'Common Name' 'C'
+buildSubject 'SAN' 'SAN' 'S'

 echo ""
 echo 'Provided IoT Core SSL Subject : ' $C_SUBJ
@ -283,7 +289,11 @@ echo ""
 echo "Generating SSL Certificate for IoT Core"
 openssl genrsa -out ./tmp/c.key 4096
 openssl req -new -key ./tmp/c.key -out ./tmp/c.csr  -subj $C_SUBJ
-openssl x509 -req -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -out ./tmp/c.crt
+if [ -z $SAN_NAMES ]; then
+    openssl x509 -req -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt
+else
+    openssl x509 -req -extfile <(printf "subjectAltName=$SAN_NAMES") -days 730 -in ./tmp/c.csr -signkey ./tmp/c.key -set_serial 044324884 -sha256 -out ./tmp/c.crt
+fi

 echo "Export to PKCS12"
 openssl pkcs12 -export -out ./tmp/CKEYSTORE.p12 -inkey ./tmp/c.key -in ./tmp/c.crt -name "wso2carbon" -password pass:$SSL_PASS