From 17bb4d127167d014b9a79d43ffea390f6aa2c167 Mon Sep 17 00:00:00 2001
From: apavlov
Date: Thu, 11 Jul 2024 00:59:00 +0300
Subject: [PATCH] fix cnf
---
 roles/rproxy/tasks/main.yml | 2 +-
 roles/rproxy/templates/server.cnf.j2 | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml
index 8699218..3c3bc94 100644
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
@@ -83,7 +83,7 @@
 - name: Sign server certificate
 ansible.builtin.shell:
- cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf'
+ cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt -CAcreateserial -config {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf -days 365'
 - name: Create fullchain certificate
 ansible.builtin.shell:
diff --git a/roles/rproxy/templates/server.cnf.j2 b/roles/rproxy/templates/server.cnf.j2
index cb6e916..323b0c9 100644
--- a/roles/rproxy/templates/server.cnf.j2
+++ b/roles/rproxy/templates/server.cnf.j2
@@ -1,8 +1,8 @@
 [ req ]
 prompt = no
-days = 365
 distinguished_name = {{ rproxy_service_name }}.{{ domain.stdout }}
 req_extensions = v3_req
+x509_extensions = v3_x509
 [ {{ rproxy_service_name }}.{{ domain.stdout }} ]
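Review bot: The new `cmd` in the "Sign server certificate" task passes the extension file with `-config`, which as far as I know `openssl x509` does not accept (that option belongs to `openssl req` and `openssl ca`), so the task is likely to fail or to issue a certificate without the SAN, keyUsage and basicConstraints the template defines. When a CA signs a CSR with `openssl x509 -req`, extensions are taken only from `-extfile` together with `-extensions`; the `x509_extensions = v3_x509` key added to `[ req ]` in the server.cnf.j2 hunk is read by `openssl req -x509` and has no effect on this signing path. I would keep `-days 365` and end the command with `-extfile {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf -extensions v3_x509 -days 365`. A follow-up task that inspects the result with `openssl x509 -noout -text` and fails when the Subject Alternative Name is absent would catch a regression here.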
@@ -16,9 +16,14 @@ emailAddress = admin@{{ domain.stdout }}
 [ v3_req ]
 basicConstraints = CA:false
-keyUsage = digitalSignature, keyEncipherment
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName = @sans
+
+[ v3_x509 ]
+basicConstraints = CA:false
+keyUsage = digitalSignature, keyEncipherment
 subjectAltName = @sans
 [ sans ]
-DNS.1 = *.{{ domain.stdout }}
+DNS.1 = {{ rproxy_service_name }}.{{ domain.stdout }}
 IP.1 = {{ rproxy_service_address }}
\ No newline at end of file
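Review bot: The new `[ v3_x509 ]` section, like `[ v3_req ]`, sets no extended key usage, so the issued certificate is not restricted to TLS server authentication; for a reverse-proxy certificate I would add `extendedKeyUsage = serverAuth` to both sections. `basicConstraints = CA:false` could also be written as `basicConstraints = critical, CA:false`, so that an implementation which does not process the extension rejects the certificate instead of ignoring the constraint. The two sections are now line-for-line copies, and a comment such as `# keep in sync with [ v3_req ]` above `[ v3_x509 ]` would stop them drifting apart. The template still ends without a trailing newline after the `IP.1` line.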