removed CA-chain functions. added wildcard generation files

2025-12-17 19:43:22 +00:00
parent fd163dfcfd
commit 7dbb791614
4 changed files with 50 additions and 1 deletions
--- a/redeploydocker.sh
+++ b/redeploydocker.sh
@@ -49,7 +49,11 @@ sudo docker exec -it -u step:step step-ca openssl pkcs12 -export -out ./certs/ha
 # sudo docker exec -it -u step:step step-ca openssl verify -CAfile ./certs/ca-chain.crt ./certs/intermediate_ca.crt

 echo "Generating Server Wildcard Certificate"
-sudo docker exec -it step-ca openssl req -new -key haven-wildcard.key -out haven-wildcard.csr -config haven-wildcard.csr.cnf
+#sudo docker exec -it step-ca openssl req -new -key haven-wildcard.key -out haven-wildcard.csr -config haven-wildcard.csr.cnf
+sudo docker exec -it -u step:step step-ca openssl genpkey -algorithm RSA -out ./secrets/haven-wildcard.key -pass pass:Swissbank01
+sudo docker exec -it -u step:step step-ca openssl req -new -key ./secrets/haven-wildcard.key -out ./certs/haven-wildcard.csr -config ./haven-wildcard.csr.cnf -passin pass:Swissbank01
+sudo docker exec -it -u step:step step-ca openssl x509 -req -in ./certs/haven-wildcard.csr -CA ./certs/intermediate_ca.crt -CAkey ./secrets/intermediate_ca_key -passin pass:Swissbank01 -CAcreateserial -out ./certs/haven-wildcard.crt -days 365 -sha256
+
 # https://docs.openssl.org/master/man1/openssl-req/
 # https://docs.openssl.org/master/man1/openssl-x509/
 # https://docs.openssl.org/master/man1/openssl-passphrase-options/
--- a/step-ca/csr_config_wildcard.cnf
+++ b/step-ca/csr_config_wildcard.cnf
@@ -0,0 +1,22 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[dn]
+C=NZ
+ST=Manawatu
+L=Palmerston North
+O=HAVEN
+OU=Hosting
+emailAddress=admin@hvn.nz
+CN = *.hvn.nz
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.hvn.nz
+DNS.2 = hvn.nz
--- a/step-ca/docker-compose.yaml
+++ b/step-ca/docker-compose.yaml
@@ -6,6 +6,7 @@ services:
          FROM smallstep/step-ca
          USER root
          COPY ./havenuser.csr.cnf /home/step/
+          COPY ./haven-wildcard.csr.cnf /home/step/
          RUN chown step:step -R /home/step/
          RUN apk add --no-cache openssl
          USER step
--- a/step-ca/haven-wildcard.csr.cnf
+++ b/step-ca/haven-wildcard.csr.cnf
@@ -0,0 +1,22 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[dn]
+C=NZ
+ST=Manawatu
+L=Palmerston North
+O=HAVEN
+OU=Hosting
+emailAddress=admin@hvn.nz
+CN = *.hvn.nz
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.hvn.nz
+DNS.2 = hvn.nz