From a52c56e57178d38d9b1d6d2528aae5ac3d712d2c Mon Sep 17 00:00:00 2001
From: Michael Kroes <michael@kroes.email>
Date: Sun, 30 Jul 2017 14:11:39 +0200
Subject: [PATCH] only set the CN field when generating initial CSR to prevent
 issues with the php7 ppa version of openssl (#1223)

OpenSSL 1.1.0f now validates the other subject fields and rejects the empty string (for the country?) because it isn't two characters.
---
 setup/ssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/ssl.sh b/setup/ssl.sh
index ff368049..61b0b9e5 100755
--- a/setup/ssl.sh
+++ b/setup/ssl.sh
@@ -74,7 +74,7 @@ if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
 	CSR=/tmp/ssl_cert_sign_req-$$.csr
 	hide_output \
 	openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $CSR \
-	  -sha256 -subj "/C=/ST=/L=/O=/CN=$PRIMARY_HOSTNAME"
+	  -sha256 -subj "/CN=$PRIMARY_HOSTNAME"
 
 	# Generate the self-signed certificate.
 	CERT=$STORAGE_ROOT/ssl/$PRIMARY_HOSTNAME-selfsigned-$(date --rfc-3339=date | sed s/-//g).pem