add altname cert generation
authorJoni Hahkala <joni.hahkala@cern.ch>
Wed, 30 Sep 2009 15:05:47 +0000 (15:05 +0000)
committerJoni Hahkala <joni.hahkala@cern.ch>
Wed, 30 Sep 2009 15:05:47 +0000 (15:05 +0000)
bin/generate-test-certificates.sh
test/trusted-ca/ca_conf.cnf

index 93cae53..cb5ab9a 100755 (executable)
@@ -74,7 +74,7 @@ function create_cert {
     esac
 
     case $flags in
-        client|server|clientserver|fclient|none)
+        client|server|clientserver|fclient|none|altname)
             echo "Generating a $flags certificate"
             echo $CA_DIR
             CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir $tmpdir \
@@ -608,6 +608,21 @@ function create_all {
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" 1 proxy
     create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
 
+    TYPE="altname"
+    CTYPE="altname"
+
+    create_cert $CERT_DIR/${catype}_${TYPE} "$catype/xxx.foo.bar" ${TYPE} $DAYS
+
+    TYPE="altname"
+    CTYPE="altname2"
+
+    create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
+
+    TYPE="server"
+    CTYPE="server2"
+
+    create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS
+
     TYPE="clientserver"
     CTYPE="clientserver"
 
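Review bot: The `CTYPE` values assigned in the three added stanzas (`altname`, `altname2`, `server2`) are never passed on; unlike the neighbouring calls that build the subject from `"$catype ${CTYPE}"`, these `create_cert` calls hard-code `"$catype/xxx.foo.bar"` or `"xxx.foo.bar"`. The `altname2` and `server2` requests therefore carry the same subject string under one CA, which `openssl ca` refuses when the CA database enforces unique subjects; that setting is not visible here, so it is worth confirming in ca_conf.cnf. If the pair is meant as the same host name with and without a subjectAltName, say so above the last call, e.g. `# same name as altname2 but no subjectAltName: negative case for host name checks`, and either drop the unused `CTYPE` lines or use them in the subject. The first argument is also unquoted; `"$CERT_DIR/${catype}_${TYPE}2"` would survive a path with spaces. `create_all` begins and ends outside this hunk.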
@@ -840,6 +855,7 @@ for catype in $CATYPES; do
     export REQ_CONFIG_FILE_SERIAL=$CA_DIR/req_conf_sn.cnf
     export REQ_CONFIG_FILE_EMAIL=$CA_DIR/req_conf_email.cnf
     export REQ_CONFIG_FILE_UID=$CA_DIR/req_conf_uid.cnf
+    export REQ_CONFIG_FILE_ALTNAME=$CA_DIR/req_conf_altname.cnf
     export REQ_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_conf.cnf
     export REQ_PROXY_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_proxy_conf.cnf
     export PROXY_BITS=512
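Review bot: Nothing shown in this commit reads `REQ_CONFIG_FILE_ALTNAME`, and the file it points to, `req_conf_altname.cnf`, is not among the two files changed; the alternative names are configured in the `[ ca_altname ]` section of ca_conf.cnf instead. If the request config already exists in the tree and `create_cert` selects it for the `altname` flag outside the visible hunks, a short comment would make that link clear, e.g. `# request config picked by create_cert when flags=altname`. Otherwise the export is dead and should be dropped, or the missing file added in the same commit. The loop body continues outside the hunk.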
index cc85df0..ae6294c 100644 (file)
@@ -35,6 +35,15 @@ nsComment                    = "OpenSSL Generated Server Certificate"
 # For an object signing certificate this would be used.\r
 # nsCertType = objsign\r
 \r
+[ ca_altname ]\r
+# This is OK for an SSL server.\r
+nsCertType                     = server\r
+nsComment                      = "OpenSSL Generated Server Certificate"\r
+\r
+# For an object signing certificate this would be used.\r
+# nsCertType = objsign\r
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
+\r
 [ ca_client ]\r
 # For normal client use this is typical\r
 nsCertType = client, email\r
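Review bot: The added `subjectAltName` line sits directly under the copied `# nsCertType = objsign` comment, so it reads as part of the object-signing example, and nothing marks its unusual entries as intentional. The list mixes a left-most wildcard (`*.hoo.org`), an exact name, an IP address and a partial wildcard spread over two labels (`g*a.e*.com`) that strict host name verifiers are expected to refuse, which suggests fixture data for name-matching tests. I would drop the two copied objsign comment lines from this section and put a comment above the extension, such as `# Test fixture: SAN entries for host name matching tests; g*a.e*.com is a deliberately non-standard wildcard`, assuming that is the intent. The `[ ca_client ]` section that follows continues outside the hunk.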