From a52c56e57178d38d9b1d6d2528aae5ac3d712d2c Mon Sep 17 00:00:00 2001 From: Michael Kroes Date: Sun, 30 Jul 2017 14:11:39 +0200 Subject: [PATCH] only set the CN field when generating initial CSR to prevent issues with the php7 ppa version of openssl (#1223) OpenSSL 1.1.0f now validates the other subject fields and rejects the empty string (for the country?) because it isn't two characters. --- setup/ssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/ssl.sh b/setup/ssl.sh index ff368049..61b0b9e5 100755 --- a/setup/ssl.sh +++ b/setup/ssl.sh @@ -74,7 +74,7 @@ if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then CSR=/tmp/ssl_cert_sign_req-$$.csr hide_output \ openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $CSR \ - -sha256 -subj "/C=/ST=/L=/O=/CN=$PRIMARY_HOSTNAME" + -sha256 -subj "/CN=$PRIMARY_HOSTNAME" # Generate the self-signed certificate. CERT=$STORAGE_ROOT/ssl/$PRIMARY_HOSTNAME-selfsigned-$(date --rfc-3339=date | sed s/-//g).pem