Skip to content

Commit

Permalink
add subjectAltName field into self signed certificate
Browse files Browse the repository at this point in the history 
Current install script only fills CN field with PUBLIC_HOST value. When
trying to access api and provide the self signed certificate to verify
server certificate, the request will fail with SSL:
CERTIFICATE_VERIFY_FAILED error.

To prevent this error, the install script should add "subjectAltName =
IP.1:${PUBLIC_HOST}" when generating self signed certificate.

```python
import requests
requests.get('https://${API_PREFIX}/access-keys',verify='shadowbox-selfsigned.crt')
```
  • Loading branch information
@zouxifeng
zouxifeng committed Oct 23, 2023
1 parent e157315 commit 047afbc
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/server_manager/install_scripts/install_server.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,7 @@ function generate_certificate() {
declare -a openssl_req_flags=(
-x509 -nodes -days 36500 -newkey rsa:4096
-subj "/CN=${PUBLIC_HOSTNAME}"
-addext "subjectAltName = IP.1:${PUBLIC_HOSTNAME}"
-keyout "${SB_PRIVATE_KEY_FILE}" -out "${SB_CERTIFICATE_FILE}"
)
openssl req "${openssl_req_flags[@]}" >&2
Expand Down

0 comments on commit 047afbc

Please sign in to comment.