add SAN crypki to tls server cert (#153)

Co-authored-by: Po-Yao Chen <[email protected]>
theparanoids · Mar 7, 2022 · e7fbcd2 · e7fbcd2
1 parent 0ac26c4
commit e7fbcd2
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/docker-softhsm/gen-crt.sh b/docker-softhsm/gen-crt.sh
@@ -38,8 +38,9 @@ openssl \
 	-subj "/C=US/CN=localhost" \
   -out server.csr
 
-# sign server.csr by root CA 
-openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 36500 -sha256
+# sign server.csr by root CA
+# add SAN `crypki` for docker network access.
+openssl x509 -req -extfile <(printf "subjectAltName=DNS:crypki") -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 36500 -sha256
 
 
 # for mutual TLS