upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-04-26 16:47:40 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

evidently, current best practice is to include ALL DNS names, including the primary name, as SANs

Browse source
This commit is contained in:
Seth Schoen 2012-08-10 16:26:25 -07:00
parent 12ef7489ec
commit 8b082f9fde
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
server-ca/CSR.py
View file

@ -241,10 +241,9 @@ subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
nsComment = "Chocolatey"
""")
if subjects[1:]:
san_line = "subjectAltName="
san_line += ",".join("DNS:%s" % n for n in subjects[1:]) + "\n"
ext_tmp.write(san_line)
san_line = "subjectAltName="
san_line += ",".join("DNS:%s" % n for n in subjects) + "\n"
ext_tmp.write(san_line)
ext_tmp.flush()
ret = subprocess.Popen(["./CA.sh", "-complete", dn, ext_tmp.name, csr_tmp.name, cert_tmp.name],shell=False,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE).wait()
if ret == 0: