Closed smashwilson closed 9 years ago
For the specific use case of just having an ip, I think it would be sufficient to just add a `-i` (or something along those lines). According to http://apetec.com/support/GenerateSAN-CSR.htm, you can have multiple DNS or IP alternative names, so maybe the most general way to do this would be to add `--ip` and `--dns` flags, and allow multiple, and then add them in the order that they're given on the command line.
Ah, I guess `getopts` doesn't actually support long flags, so maybe `-i` and `-d` rather than `--ip` and `--dns`.
Oh, actually there's more than just DNS and IP: https://www.openssl.org/docs/apps/x509v3_config.html#subject_alternative_name_
What I'd suggest then is that we add `-s` and just let people format it correctly according to what they want, and link to the OpenSSL docs for a pointer for how to do it properly -- that way we can allow it to be fully general without having to add a ton of new flags.
I'm working on a pull request to do this now.
@jhamrick extended the original script to support attaching subject alternate names to the generated keypairs. It would be awesome to have that in here, too.
Maybe multiple `-h` options to `signed-keypair` would do it, with the first as the primary? Or we could use different args for the `/CN` and the alternate names, either way.
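
The `-s` approach discussed in this thread, as an added example that is not part of any comment above and not the script's actual code: repeated `-h` values become `DNS:` entries with the first as the CN, and a free-form `-s` value is appended. The function names `valid_san` and `san_config` are hypothetical; the value is checked against the general-name types in the linked OpenSSL documentation and rejected if it spans lines, because it is written verbatim into an OpenSSL config file.

```shell
# Added example; function names are hypothetical, -h and -s mirror the thread.
nl='
'

# Accept only comma-separated TYPE:value entries whose TYPE is one of the
# general-name types listed in the OpenSSL x509v3_config documentation.
valid_san() {
    # Empty or multi-line input is refused: a newline would start a new config line.
    case "$1" in ''|*"$nl"*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f; IFS=$old_ifs   # split on commas, no globbing
    for entry in "$@"; do
        entry=${entry# }                      # allow one space after a comma
        case "$entry" in
            DNS:?*|IP:?*|email:?*|URI:?*|RID:?*|dirName:?*|otherName:?*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Parse -h (repeatable, first one is the CN) and -s (raw subjectAltName text),
# then print an OpenSSL req config on stdout. Returns 2 on usage errors, 1 on a bad SAN.
san_config() {
    cn=; san=; OPTIND=1
    while getopts 'h:s:' opt; do
        case "$opt" in
            h) [ -n "$cn" ] || cn=$OPTARG
               san="${san:+$san, }DNS:$OPTARG" ;;
            s) san="${san:+$san, }$OPTARG" ;;
            *) return 2 ;;
        esac
    done
    [ -n "$cn" ] || return 2
    valid_san "$san" || return 1
    cat <<EOF
[req]
distinguished_name = dn
req_extensions = san
prompt = no
[dn]
CN = $cn
[san]
subjectAltName = $san
EOF
}
# Usage: san_config -h example.test -s 'IP:192.0.2.10' > san.cnf
#        openssl req -new -newkey rsa:2048 -nodes -keyout key.pem -out req.csr -config san.cnf
```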