From 71368b49c396e264a6866bb7a037746d8d9ca899 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Bouliane?=
Date: Wed, 16 Nov 2016 17:59:59 -0500
Subject: [PATCH] Add DNS SubjectAltName to certificate recipe

If a SubjectAltName is present, the certificates CommonName should be discarded by the clients. This ensure that people following the guide generates valid certificates.
---
 engine/security/https.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/engine/security/https.md b/engine/security/https.md
index 9f886796eb..ff3bf3c47c 100644
--- a/engine/security/https.md
+++ b/engine/security/https.md
@@ -78,7 +78,7 @@ Since TLS connections can be made via IP address as well as DNS name, they need to be specified when creating the certificate. For example, to allow connections using `10.10.10.20` and `127.0.0.1`:
- $ echo subjectAltName = IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
+ $ echo subjectAltName = DNS:$HOST,IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
 $ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
 -CAcreateserial -out server-cert.pem -extfile extfile.cnf