- Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
diff --git a/programs/ssl/test-ca/gen_test_ca.sh b/programs/ssl/test-ca/gen_test_ca.sh
index 33a3a58..0c09652 100755
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ b/programs/ssl/test-ca/gen_test_ca.sh
@@ -58,6 +58,20 @@
cat sslconf.txt > sslconf_use.txt;echo "CN=PolarSSL Cert SHA512" >> sslconf_use.txt
openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_sha512.req -sha512
+cat sslconf.txt > sslconf_use.txt;echo "CN=*.example.com" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_wildcard.req
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=example.com" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example.req
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_www.req
+
+cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
+echo "[ v3_req ]" >> sslconf_use.txt
+echo "subjectAltName = \"DNS:www.example.com,DNS:example.com,DNS:example.net\"" >> sslconf_use.txt
+openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
+
echo "Signing requests"
for i in server1 server2 client1 client2;
do
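Review bot: None of the four added `openssl req` calls is checked for failure, and each one first rewrites the shared scratch file `sslconf_use.txt` with `cat …;echo …`. A request that fails (missing `cert_digest.key`, a config error) therefore goes unnoticed, and the signing loop later either fails or picks up a stale `.req` from an earlier run. Consider appending `|| exit 1` to each `openssl req` line, or `set -e` near the top of the script if the rest of the file tolerates it. A comment above the block, e.g. `# name-matching fixtures: wildcard CN, bare domain, www host, multi-domain SAN; all reuse cert_digest.key (test data only)`, would record that the shared key is deliberate. The script continues outside this hunk, so the existing error-handling convention could not be checked.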
@@ -71,6 +85,12 @@
-batch -in cert_$i.req -md $i
done
+for i in example_wildcard example example_www example_multi;
+do
+ openssl ca -config sslconf.txt -out cert_$i.crt -passin pass:$PASSWORD \
+ -batch -in cert_$i.req
+done
+
echo "Revoking firsts"
openssl ca -batch -config sslconf.txt -revoke server1.crt -passin pass:$PASSWORD
openssl ca -batch -config sslconf.txt -revoke client1.crt -passin pass:$PASSWORD
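Review bot: The subjectAltName for `cert_example_multi` exists only in the CSR (added with `-reqexts "v3_req"` in the earlier hunk), and `openssl ca` drops request extensions unless the CA section of the config sets `copy_extensions`. sslconf.txt is not visible here, so if that option is absent the signed certificate carries no SAN and the multi-domain test exercises nothing. Either confirm `copy_extensions = copy` is present, or sign that request with an explicit `-extfile`/`-extensions` section, and verify the result after the loop with something like `openssl x509 -in cert_example_multi.crt -noout -text | grep -q 'DNS:example.net' || exit 1`. If `copy_extensions` is used, a comment should say it is acceptable only for this test CA, since on a real CA it lets the requester choose extensions such as basicConstraints. The new loop also omits `-md`, so the signature digest falls back to whatever the config defaults to.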