cloudpipe / keymaster

:key: OpenSSL convenience scripts

Support Subject Alternate Names #1

Closed smashwilson closed 9 years ago

smashwilson commented 9 years ago

@jhamrick extended the original script to support attaching subject alternate names to the generated keypairs. It would be awesome to have that in here, too.

Maybe multiple -h options to signed-keypair would do it, with the first as the primary? Or we could use different args for the /CN and the alternate names, either way.

jhamrick commented 9 years ago

For the specific use case of just having an ip, I think it would be sufficient to just add a -i (or something along those lines). According to http://apetec.com/support/GenerateSAN-CSR.htm, you can have multiple DNS or IP alternative names, so maybe the most general way to do this would be to add --ip and --dns flags, and allow multiple, and then add them in the order that they're given on the command line.

jhamrick commented 9 years ago

Ah, I guess getopts doesn't actually support long flags, so maybe -i and -d rather than --ip and --dns.

jhamrick commented 9 years ago

Oh, actually there's more than just DNS and IP: https://www.openssl.org/docs/apps/x509v3_config.html#subject_alternative_name_

What I'd suggest then is that we add -s and just let people format it correctly according to what they want, and link to the OpenSSL docs for a pointer for how to do it properly -- that way we can allow it to be fully general without having to add a ton of new flags.

I'm working on a pull request to do this now.
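The following is an added, constructed example and not code from the keymaster repository or from the pull request mentioned above. It sketches the getopts-based design the thread converges on: short flags only (`-d` for a DNS name, `-i` for an IP, `-s` for a raw entry in the OpenSSL `subjectAltName` syntax linked above), entries kept in command-line order, and the resulting value written into an OpenSSL request config so that `openssl req -x509` emits a self-signed certificate carrying the SAN extension. The function and file names (`build_san`, `write_req_config`, `generate_keypair`, the `v3_san` section) and the `example.test` hostnames are assumptions made for the example. The final block only runs when an `openssl` binary is present and prints the SAN extension back out of the generated certificate, which is the check worth doing after any change to how SANs are assembled.

```shell
#!/bin/sh
# Constructed example: SAN handling for a signed-keypair style script.
# Not the keymaster project's own code; names are illustrative.

# build_san: turn -d NAME / -i ADDR / -s RAW flags into a single
# subjectAltName value, preserving the order given on the command line.
# -s takes a raw entry in OpenSSL x509v3_config syntax (e.g. email:a@b.test).
build_san() {
    OPTIND=1            # reset so getopts works on this function's arguments
    san=""
    while getopts "d:i:s:" opt; do
        case "$opt" in
            d) entry="DNS:$OPTARG" ;;
            i) entry="IP:$OPTARG" ;;
            s) entry="$OPTARG" ;;
            *) return 1 ;;
        esac
        if [ -z "$san" ]; then san="$entry"; else san="$san,$entry"; fi
    done
    printf '%s' "$san"
}

# write_req_config PATH CN SAN: minimal OpenSSL request config whose
# x509_extensions section carries the subjectAltName (assumed layout).
write_req_config() {
    cat > "$1" <<EOF
[ req ]
prompt = no
distinguished_name = req_dn
x509_extensions = v3_san

[ req_dn ]
CN = $2

[ v3_san ]
subjectAltName = $3
EOF
}

# generate_keypair BASE CN [SAN flags...]: write BASE.cnf, BASE.key, BASE.crt.
generate_keypair() {
    base="$1"; cn="$2"; shift 2
    san=$(build_san "$@") || return 1
    write_req_config "$base.cnf" "$cn" "$san"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$base.key" -out "$base.crt" -config "$base.cnf"
}

# Demo: only when openssl is installed; work in a scratch directory.
if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d)
    generate_keypair "$work/node" "node.example.test" \
        -d node.example.test -d www.example.test -i 10.0.0.5
    # Read the SAN extension back out of the certificate to confirm it took.
    openssl x509 -in "$work/node.crt" -noout -text | grep -A1 'Subject Alternative Name'
    rm -rf "$work"
fi
```

The `-s` escape hatch is what keeps the flag set small: anything the OpenSSL docs allow (`email:`, `URI:`, `otherName:`) can be passed through verbatim, while `-d` and `-i` cover the common cases without making callers remember the prefix syntax.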