Commit ca50bd0

refactor: multiple domain support
1 parent 51cebcf commit ca50bd0

3 files changed: +20 -8 lines changed

.gitignore

Lines changed: 1 addition & 0 deletions
@@ -1,2 +1,3 @@
11
/out
22
/deploy-passport.sh
3+
/cert.all.sh

README.md

Lines changed: 9 additions & 1 deletion
@@ -12,6 +12,12 @@
1212
假设你的项目网站是 `example.dev`,CDN 网站设置为 `cdn.example.dev`
1313
你只需在 `nginx` 里面配置一个网站,`server_name` 同时填写 `example.dev`
1414
`cdn.example.dev`,它们可以使用同一个 `*.example.dev` 的证书。
15+
1. 现在你只需要一个证书,就可以搞定所有项目网站!
16+
17+
我当时怎么没想到可以这样用 `SAN`
18+
```ini
19+
subjectAltName=DNS:*.one.dev,DNS:one.dev,DNS:*.two.dev,DNS:two.dev,DNS:*.three.dev,DNS:three.dev,DNS:*.four.dev,DNS:four.dev
20+
```
1521

1622
## 系统要求
1723
1. Linux,openssl
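
Review bot: The `subjectAltName` example added at new lines 18-20 is not tied to any command, so a reader cannot tell that it is what `./gen.cert.sh one.dev two.dev three.dev four.dev` produces. Replace the single-item numbered list at line 15 and the first-person aside at line 17 with one sentence that shows that command and states that the resulting certificate carries both `DNS:*.<domain>` and `DNS:<domain>` for every argument.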
@@ -36,10 +42,12 @@
3642

3743
### 2. 用 gen.cert.sh 生成网站证书
3844
```bash
39-
./gen.cert.sh <domain>
45+
./gen.cert.sh <domain> [<domain2>] [<domain3>] [<domain4>] ...
4046
```
4147
`<domain>` 替换成你的域名,例如 `example.dev`
4248

49+
如果有多个项目网站,可以把所有网站都加上去,用空格隔开。
50+
4351
生成的证书位于:
4452
```text
4553
ssl/out/<domain>-<date>-<time>/<domain>.cert.pem
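
Review bot: The unchanged path `ssl/out/<domain>-<date>-<time>/<domain>.cert.pem` below the new multi-domain sentence (new line 49) is now ambiguous about which domain it means. The script still names its output from `$1` (`"${DIR}/$1.cert.pem"`), so say here that `<domain>` in the path is the first argument and that the other domains appear only in the certificate's SAN list.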

gen.cert.sh

Lines changed: 10 additions & 7 deletions
@@ -5,12 +5,20 @@ then
55
echo
66
echo 'Issue a wildcard SSL certification with Fishdrowned ROOT CA'
77
echo
8-
echo 'Usage: ./gen.cert.sh <domain>'
8+
echo 'Usage: ./gen.cert.sh <domain> [<domain2>] [<domain3>] [<domain4>] ...'
99
echo ' <domain> The domain name of your site, like "example.dev",'
1010
echo ' you will get a certification for *.example.dev'
11+
echo ' Multiple domains are acceptable'
1112
exit;
1213
fi
1314

15+
SAN=""
16+
for var in "$@"
17+
do
18+
SAN+="DNS:*.${var},DNS:${var},"
19+
done
20+
SAN=${SAN: : -1}
21+
1422
# Move to root directory
1523
cd "$(dirname "${BASH_SOURCE[0]}")"
1624
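
Review bot: The loop at new lines 16-19 copies each argument into `SAN` with no validation, so an argument containing a comma, whitespace or a newline adds extra `subjectAltName` entries or extra config lines to a request that is then signed by the root CA. Reject any argument that is not a plain hostname (letters, digits, `-` and `.`) before appending it. Separately, `SAN=${SAN: : -1}` at line 20 relies on a negative substring length, which needs bash 4.2 or later; `SAN=${SAN%,}` strips the trailing comma on any version.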

@@ -23,7 +31,7 @@ openssl req -new -out "${DIR}/$1.csr.pem" \
2331
-key out/root.key.pem \
2432
-reqexts SAN \
2533
-config <(cat /etc/ssl/openssl.cnf \
26-
<(printf "[SAN]\nsubjectAltName=DNS:*.$1,DNS:$1")) \
34+
<(printf "[SAN]\nsubjectAltName=${SAN}")) \
2735
-subj "/C=CN/ST=Guangdong/L=Guangzhou/O=Fishdrowned/OU=$1/CN=*.$1"
2836

2937
# Issue certification
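
Review bot: At new line 34, `printf "[SAN]\nsubjectAltName=${SAN}"` puts the variable inside the printf format string, so any `%` or backslash sequence in a domain argument is interpreted by printf instead of being written literally. Pass it as data with `printf '[SAN]\nsubjectAltName=%s\n' "$SAN"`. The `-subj` line below is unchanged and still sets `OU=$1` and `CN=*.$1`, so the subject names only the first domain; that is worth a comment in the script or the README.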
@@ -37,8 +45,3 @@ cat "${DIR}/$1.cert.pem" ./out/root.cert.pem > "${DIR}/$1.bundle.cert.pem"
3745
echo
3846
echo "Certifications are located in:"
3947
find "${DIR}/" -type f
40-
41-
if [ "$2" ]
42-
then
43-
$2 "${DIR}/$1"
44-
fi
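
Review bot: Removing the `if [ "$2" ]` block at old lines 41-44 is a behaviour change that the commit title "refactor" hides: the second argument used to be run as a command with `"${DIR}/$1"`, and it is now consumed by the new loop as a domain name. Anyone still calling the script with a hook as the second argument will silently get a certificate with SAN entries for that string instead of an error. Note the removal in the commit message and README, or fail fast when an argument does not look like a domain.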