miterion / dfnclient

Small python script for dfn certifiactes
https://pypi.org/project/dfnclient/
MIT License
7 stars 3 forks source link

Is it possible to specify altnames for the certificate on the config file or command line ? #6

Closed titansmc closed 4 years ago

titansmc commented 6 years ago

I have a certificate in the load balancer that has several altnames that I would like to add. Is that possible?

miterion commented 6 years ago

Sure, this can be added by an additional parameter on the commandline. I will try do implement this in the coming week

miterion commented 6 years ago

I investigated this today and it seems that this implies a rewrite of the generation system. As far as I know it is only possible to specify alt names for openssl by using a config file.

Currently all certificate attributes are submitted using the cli interface of openssl, which does not have any options for this.

titansmc commented 6 years ago

right, this what I've noticed too. I am not sure how we should approach it, but definitely specifying altnames should be easy, at least we need the cert to be valid for domain.com and www.domain.com most of the times.... We also need to base a CSR on a config file because we are adding domains to this config file (we are constantly adding altnames on the Load Balancer) Maybe we could add an option to generate a openssl config file, and then a different option to generate CSR given a specific openssl conf file.

Missatge de Heiko Carrasco notifications@github.com del dia dl., 15 d’oct. 2018 a les 10:07:

I investigated this today and it seems that this implies a rewrite of the generation system. As far as I know it is only possible to specify alt names for openssl by using a config file.

Currently all certificate attributes are submitted using the cli interface of openssl, which does not have any options for this.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Miterion/dfnclient/issues/6#issuecomment-429747423, or mute the thread https://github.com/notifications/unsubscribe-auth/AH0AYIIio53ww5I0RaIGO7E2DmS0HF1Eks5ulEJBgaJpZM4XVdlE .

--

http://www.arruixaqueplou.org http://www.terradelfoc.blogspot.com

miterion commented 6 years ago

I talked with my supervisor about this and we think that it would be the best idea to switch completely to openssl config files. Will but this on the to do list

titansmc commented 4 years ago

I think it is already implemented. Closing it.