[INSTRM-235] Add SAN to libvirt certs Created: 17/Oct/17 Updated: 15/Nov/17 Resolved: 15/Nov/17 |
|
| Status: | Done |
| Project: | Instrument control development |
| Component/s: | ics_ansible |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Normal |
| Reporter: | shimono | Assignee: | shimono |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Epic Link: | vm-mgmt | ||||||||
| Sprint: | 2017-10A | ||||||||
| Reviewers: | yuki.moritani | ||||||||
| Description |
|
Add SAN to libvirt certs (and script to build them), to enable access both with IP address and hostname. |
| Comments |
| Comment by shimono [ 19/Oct/17 ] |
|
tentative lines (not blushed, bare parameters), requires bash. openssl req -new -newkey rsa:2048 -nodes -days 1825 -sha256 -out newcerts/10.100.200.146-2.csr -keyout private/10.100.200.146-2.key -subj "/C=JP/ST=Chiba/L=Kashiwa/O=PFS/CN=10.100.200.146" -extensions SAN -config <( cat ./virt-pki.cnf <(printf "[SAN]\nsubjectAltName='DNS:10.100.200.146,DNS:dlc2-vm,DNS:dlc2-vm.pfs.ipmu.jp'")) -reqexts SAN openssl ca -config <(cat ./virt-pki.cnf <(printf "[SAN]\nsubjectAltName='DNS:10.100.200.146,DNS:dlc2-vm,DNS:dlc2-vm.pfs.ipmu.jp'")) -days 1825 -extensions SAN -policy policy_anything -out certs/10.100.200.146-2.pem -infiles newcerts/10.100.200.146-2.csr |
| Comment by shimono [ 20/Oct/17 ] |
|
after building simple environment, add this to role/scripts made by |
| Comment by shimono [ 24/Oct/17 ] |
|
r? at PR. |
| Comment by shimono [ 15/Nov/17 ] |
|
merged. |