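--- a/usr/share/univention-ssl/make-certificates.sh
+++ b/usr/share/univention-ssl/make-certificates.sh
@@ -413,6 +413,8 @@
 local name="${1:?Missing argument: dirname}"
 local fqdn="${2:?Missing argument: common name}"
 local days="${3:-$DEFAULT_DAYS}"
+local domain=$(ucr get domainname)
+local san=$(univention-ldapsearch -LLL cNAMERecord=$fqdn. | grep relativeDomainName: | awk -v domain="${domain}" '{print $2, $2"."domain}' | sed ':a;N;$!ba;s/\n/\ /g')
 
 local hostname="${fqdn%%.*}" cn="$fqdn"
 if [ ${#hostname} -gt 64 ]
@@ -436,7 +438,7 @@
 [ -n "$EXTERNAL_REQUEST_FILE_KEY" ] && cp "$EXTERNAL_REQUEST_FILE_KEY" "$name/private.key"
 else
 # generate a key pair
-mk_config "$name/openssl.cnf" "" "$days" "$cn" "$fqdn $hostname"
+mk_config "$name/openssl.cnf" "" "$days" "$cn" "$fqdn $hostname $san"
 openssl genrsa -out "$name/private.key" "$DEFAULT_BITS"
 openssl req -batch -config "$name/openssl.cnf" -new -key "$name/private.key" -out "$name/req.pem"
 fi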
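Review bot: The new `san` lookup (new line 417) puts `$fqdn` unquoted into the LDAP filter, so a value containing `*` or parentheses widens the search, and every `relativeDomainName` returned ends up in the certificate's alternative names through the changed `mk_config` call. Quote the filter and request only the needed attribute, e.g. `univention-ldapsearch -LLL "(cNAMERecord=${fqdn}.)" relativeDomainName`, and drop alias values that are not plain host labels before they reach `mk_config`. `grep relativeDomainName:` also matches base64-encoded `relativeDomainName::` lines, and `local san=$(...)` masks a failed lookup, so an LDAP error silently produces a certificate without the aliases. Each alias is suffixed with the host's own `domainname` rather than the zone holding the CNAME, which looks wrong for aliases in other zones. The enclosing function starts and ends outside both hunks.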