Add appliance hostname to SAN for self signed certs (#1378) (#1381)

vmware · Feb 1, 2018 · 132fb13 · 132fb13
1 parent d752303
commit 132fb13
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/installer/build/scripts/admiral/configure_admiral.sh b/installer/build/scripts/admiral/configure_admiral.sh
@@ -73,8 +73,14 @@ function genCert {
     -out $csr -subj \
     "/C=US/ST=California/L=Palo Alto/O=VMware/OU=Containers on vSphere/CN=$hostname"
 
-  echo "Add subjectAltName = IP: $ip_address to certificate"
-  echo subjectAltName = IP:"$ip_address" > $ext
+  if [ -n "$hostname" ] && [ "$hostname" != "$ip_address" ]; then
+    san="subjectAltName = DNS:$hostname,IP:$ip_address"
+  else
+    san="subjectAltName = IP:$ip_address"
+  fi
+  echo "Add subjectAltName $san to certificate"
+  echo "$san" > $ext
+
   openssl x509 -req -days 1095 -in $csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -extfile $ext -out $cert
 
   echo "Creating certificate chain for $cert"

diff --git a/installer/build/scripts/fileserver/configure_fileserver.sh b/installer/build/scripts/fileserver/configure_fileserver.sh
@@ -54,8 +54,14 @@ function genCert {
     -out $csr -subj \
     "/C=US/ST=California/L=Palo Alto/O=VMware/OU=Containers on vSphere/CN=$hostname"
 
-  echo "Add subjectAltName = IP: $ip_address to certificate"
-  echo subjectAltName = IP:$ip_address > $ext
+  if [ -n "$hostname" ] && [ "$hostname" != "$ip_address" ]; then
+    san="subjectAltName = DNS:$hostname,IP:$ip_address"
+  else
+    san="subjectAltName = IP:$ip_address"
+  fi
+  echo "Add subjectAltName $san to certificate"
+  echo "$san" > $ext
+
   openssl x509 -req -days 1095 -in $csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -extfile $ext -out $cert
 
   echo "self-signed" > $flag

diff --git a/installer/build/scripts/systemd/vic_machine_server/configure_vic_machine_server.sh b/installer/build/scripts/systemd/vic_machine_server/configure_vic_machine_server.sh
@@ -43,8 +43,14 @@ function genCert {
     -out $csr -subj \
     "/C=US/ST=California/L=Palo Alto/O=VMware/OU=Containers on vSphere/CN=$hostname"
 
-  echo "Add subjectAltName = IP: $ip_address to certificate"
-  echo subjectAltName = IP:"$ip_address" > $ext
+  if [ -n "$hostname" ] && [ "$hostname" != "$ip_address" ]; then
+    san="subjectAltName = DNS:$hostname,IP:$ip_address"
+  else
+    san="subjectAltName = IP:$ip_address"
+  fi
+  echo "Add subjectAltName $san to certificate"
+  echo "$san" > $ext
+
   openssl x509 -req -days 1095 -in $csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -extfile $ext -out $cert
 
   echo "Creating certificate chain for $cert"