From 047afbc09628f928810fd8ae6a3fee96acaaddad Mon Sep 17 00:00:00 2001
From: Xifeng Zou <90731+zouxifeng@users.noreply.github.com>
Date: Mon, 23 Oct 2023 16:23:34 +0800
Subject: [PATCH] add subjectAltName field into self signed certificate

Current install script only fills CN field with PUBLIC_HOST value. When
trying to access api and provide the self signed certificate to verify
server certificate, the request will fail with SSL:
CERTIFICATE_VERIFY_FAILED error.

To prevent this error, the install script should add "subjectAltName =
IP.1:${PUBLIC_HOST}" when generating self signed certificate.

```python
import requests
requests.get('https://${API_PREFIX}/access-keys',verify='shadowbox-selfsigned.crt')
```
---
 src/server_manager/install_scripts/install_server.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/server_manager/install_scripts/install_server.sh b/src/server_manager/install_scripts/install_server.sh
index e2c125c62..9ff3dea72 100755
--- a/src/server_manager/install_scripts/install_server.sh
+++ b/src/server_manager/install_scripts/install_server.sh
@@ -265,6 +265,7 @@ function generate_certificate() {
   declare -a openssl_req_flags=(
     -x509 -nodes -days 36500 -newkey rsa:4096
     -subj "/CN=${PUBLIC_HOSTNAME}"
+    -addext "subjectAltName = IP.1:${PUBLIC_HOSTNAME}"
     -keyout "${SB_PRIVATE_KEY_FILE}" -out "${SB_CERTIFICATE_FILE}"
   )
   openssl req "${openssl_req_flags[@]}" >&2