From c5f541d513fe37747443aa23176611175f0cd440 Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Sun, 6 Dec 2015 17:14:41 +0100
Subject: [PATCH] add script to generate CSR's with subjectAltName

---
 gencsr.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100755 gencsr.sh

diff --git a/gencsr.sh b/gencsr.sh
new file mode 100755
index 0000000..a419359
--- /dev/null
+++ b/gencsr.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+## ./gencsr.sh KEY.key DOMAIN1 DOMAIN2: Generate (to stdout) a CSR for this key, for all the domains listed later
+
+KEY="$1"
+shift
+
+test -f "$KEY" || (echo "Usage: $0 KEY.key DOMAIN1 DOMAIN2"; exit 1)
+
+openssl req -new -sha256 -key "$1" -subj "/" -reqexts SAN \
+  -config <(cat /etc/ssl/openssl.cnf \
+  <(echo "[SAN]"; echo -n "subjectAltName="; unset COMMA; \
+    for domain in "$@"; do test -n "$COMMA" && echo -n ","; echo -n "DNS:$domain"; COMMA=1; done; echo) \
+  )
-- 
2.30.2