Skip to content

Commit 71368b4

Browse files
fboulianefbouliane
committed
Add DNS SubjectAltName to certificate recipe
If a SubjectAltName is present, the certificates CommonName should be discarded by the clients. This ensure that people following the guide generates valid certificates.
1 parent bd61991 commit 71368b4

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

engine/security/https.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ Since TLS connections can be made via IP address as well as DNS name, they need
7878
to be specified when creating the certificate. For example, to allow connections
7979
using `10.10.10.20` and `127.0.0.1`:
8080

81-
$ echo subjectAltName = IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
81+
$ echo subjectAltName = DNS:$HOST,IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
8282

8383
$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
8484
-CAcreateserial -out server-cert.pem -extfile extfile.cnf

0 commit comments

Comments
 (0)