From 2c1726479ea47d768b442dcbb9d5823c44658476 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 24 Nov 2015 16:36:14 +0200
Subject: [PATCH] - Don't set alternative names for CA cert. - Set default hash
 to sha256. - Rename domain variable to cn to be more understood.

---
 ssl-ca | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/ssl-ca b/ssl-ca
index 8351a4f..8dc728a 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -11,7 +11,7 @@ dir = $PWD
 certs = \$dir/certs
 certificate = \$dir/CA.crt
 private_key = \$dir/CA.key
-default_md = sha1
+default_md = sha256
 default_days = 365
 email_in_dn = no
 RANDFILE = /dev/urandom
@@ -21,7 +21,7 @@ database = /dev/null
 distinguished_name = req_distinguished_name
 prompt = no
 encrypt_key = no
-default_md = sha1
+default_md = sha256
 default_bits = 2048
 RANDFILE = /dev/urandom
 
@@ -32,15 +32,14 @@ RANDFILE = /dev/urandom
 #O = Organization name
 #OU = Organizational unit
 #emailAddress = email address
-CN = \${ENV::domain}
+CN = \${ENV::cn}
 
 [ v3_ca ]
 basicConstraints = CA:true
-subjectAltName = DNS:*.\${ENV::domain}, DNS:*.*.\${ENV::domain}
 
 [ v3_req ]
 basicConstraints = CA:false
-subjectAltName = DNS:*.\${ENV::domain}
+subjectAltName = DNS:*.\${ENV::cn}
 "
 
 usage () {
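Review bot: The `[ v3_req ]` `subjectAltName` now reads `DNS:*.\${ENV::cn}` only, so a signed certificate has no SAN entry for the name in its own CN; the wildcard covers one label below that name, not the name itself. Clients that follow RFC 6125 ignore CN once a dNSName SAN is present, so they would not accept the certificate for the host it was issued to. Consider `subjectAltName = DNS:\${ENV::cn}, DNS:*.\${ENV::cn}`, or drop the wildcard entry if sub-hosts are not meant to be covered. The quoted config string begins above this hunk, so the rest of the template is not visible here.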
@@ -48,7 +47,7 @@ usage () {
 }
 
 init () {
-    export domain="$(basename $PWD)"
+    export cn="$(basename $PWD)"
     mkdir -p certs keys
     if [ -e openssl.cnf ]
     then
@@ -90,7 +89,7 @@ sign_key () {
         exit 1
     fi
     csr="$(mktemp -t ssl-ca-XXXXXXXXX)"
-    export domain="$1.$(basename $PWD)"
+    export cn="$1.$(basename $PWD)"
     openssl req \
         -key keys/$1 \
         -new \
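Review bot: `$1` is copied into `cn` in `sign_key` with no visible validation, and `cn` is expanded into both `CN` and the `subjectAltName` line of the config, so the argument alone decides which names the CA signs for. The SAN value is a comma-separated list, so an argument containing a comma or other config syntax would likely change the set of names in the issued certificate. The same value is also used unquoted in `keys/$1`. A guard before the export would close this, e.g. `case "$1" in ''|*[!A-Za-z0-9.-]*) echo "invalid name: $1" >&2; exit 1;; esac`, together with quoting `"keys/$1"`. The start of `sign_key` is outside the hunk; a check ending in `exit 1` is visible above, but its condition is not shown.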
-- 
GitLab