fix gen-tls-cert script

Henri Dohmen 2025-10-26 11:52:20 +01:00
parent 6aa65154f7
commit 6e4483c7fe
Signed by: hd
GPG key ID: AB79213B044674AE


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
tmp=$(mktemp -d) tmp=$(mktemp -d)
trap 'rm -rf -- "$keyfile"' EXIT trap 'rm -rf -- "$tmp"' EXIT
# ref https://stackoverflow.com/questions/59738140/why-is-firefox-not-trusting-my-self-signed-certificate # ref https://stackoverflow.com/questions/59738140/why-is-firefox-not-trusting-my-self-signed-certificate
openssl req -x509 -nodes \ openssl req -x509 -nodes \
@ -8,7 +8,7 @@ openssl req -x509 -nodes \
-keyout "$tmp/ca.key" \ -keyout "$tmp/ca.key" \
-days 365 \ -days 365 \
-out "$tmp/ca.cert" \ -out "$tmp/ca.cert" \
-subj '/CN=hd_root' \ -subj '/CN=hd_root'
rm secrets/tlskey.age rm secrets/tlskey.age
openssl req -nodes \ openssl req -nodes \
@ -27,4 +27,4 @@ openssl x509 -req \
-CAcreateserial \ -CAcreateserial \
-extfile <(printf "subjectAltName=DNS:roam.lan,DNS:*.roam.lan\nauthorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth") -extfile <(printf "subjectAltName=DNS:roam.lan,DNS:*.roam.lan\nauthorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth")
mv "$tmp/ca.cert" pki/ca.cert mv "$tmp/ca.cert" pki/ca.cert
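Review bot: The script still has no `set -e` under the shebang, so if any `openssl` step after `rm secrets/tlskey.age` fails, the old encrypted key is already gone and the final `mv "$tmp/ca.cert" pki/ca.cert` may still publish a CA certificate with no matching server key. Adding `set -eu` directly below `#!/bin/sh` would stop at the first failed command and also cover a failed `mktemp -d`, which currently leaves `$tmp` empty and the `-keyout`/`-out` paths pointing at `/`. The `-extfile <(printf …)` line uses process substitution, which is not POSIX; if `/bin/sh` on the target is not bash, the script would abort at that line after the key was removed, so `#!/usr/bin/env bash` looks like the safer shebang. The lines between the hunks are not visible here, so where the new key is written relative to the `rm` should be confirmed.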