|
|
|
@ -226,6 +226,7 @@ SERVER_TYPE="https" |
|
|
|
SKIP_HTTP_TOKEN_CHECK="false" |
|
|
|
SSLCONF="$(openssl version -d 2>/dev/null| cut -d\" -f2)/openssl.cnf" |
|
|
|
OCSP_MUST_STAPLE="false" |
|
|
|
MS_LDAPS="false" |
|
|
|
TEMP_UPGRADE_FILE="" |
|
|
|
TOKEN_USER_ID="" |
|
|
|
USE_SINGLE_ACL="false" |
|
|
|
@ -641,6 +642,11 @@ create_csr() { # create a csr using a given key (if it doesn't already exist) |
|
|
|
if [[ "$OCSP_MUST_STAPLE" == "true" ]]; then |
|
|
|
printf "\n1.3.6.1.5.5.7.1.24 = DER:30:03:02:01:05" >> "$tmp_conf" |
|
|
|
fi |
|
|
|
# this is required if you want to use LDAP over SSL in Microsoft Active Directory |
|
|
|
# see also: https://serverfault.com/a/573038 and https://support.microsoft.com/en-us/help/321051/ |
|
|
|
if [[ "$MS_LDAPS" == "true" ]]; then |
|
|
|
printf "\nextendedKeyUsage = 1.3.6.1.5.5.7.3.1" >> "$tmp_conf" |
|
|
|
fi |
|
|
|
openssl req -new -sha256 -key "$csr_key" -subj "$CSR_SUBJECT" -reqexts SAN -config "$tmp_conf" > "$csr_file" |
|
|
|
rm -f "$tmp_conf" |
|
|
|
fi |
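Review bot: The comment above the `MS_LDAPS` branch calls the extension "required", but the branch only requests it in the CSR; the issuing CA decides which extended key usages appear in the certificate. The comment should say so, e.g. `# requests the serverAuth EKU in the CSR; the CA may ignore or override it, so verify the issued certificate`. The raw OID on the printf line is id-kp-serverAuth and would read more clearly as `printf "\nextendedKeyUsage = serverAuth" >> "$tmp_conf"`. Like the OCSP must-staple line before it, this append presumably only takes effect if the last section written to `$tmp_conf` is the `SAN` section named by `-reqexts SAN`; that file is built outside this hunk, so it is worth confirming. create_csr begins and ends outside the hunk.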
|
|
|
|