From 4b1581a71c7b7c1b26ce726b9d0ac24f880d76cf Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou <achilleas@koutsou.net>
Date: Fri, 15 Jan 2021 16:09:09 +0100
Subject: [PATCH] tools: Add internal container names to certs

We add both localhost and the internal container names of each service
to the certificates so both VM and containerised setups should work with
the same setup.
---
 tools/gen-certs.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/gen-certs.sh b/tools/gen-certs.sh
index 2eb86cf12..c60327990 100755
--- a/tools/gen-certs.sh
+++ b/tools/gen-certs.sh
@@ -45,7 +45,7 @@ pushd "$CADIR"
         -new -nodes \
         -out /tmp/composer-csr.pem \
         -subj "/CN=localhost/emailAddress=osbuild@example.com" \
-        -addext "subjectAltName=DNS:localhost"
+        -addext "subjectAltName=DNS:localhost, DNS:composer"
 
     openssl ca -batch -config "$OPENSSL_CONFIG" \
         -extensions osbuild_server_ext \
@@ -58,7 +58,7 @@ pushd "$CADIR"
         -new -nodes \
         -out /tmp/worker-csr.pem \
         -subj "/CN=localhost/emailAddress=osbuild@example.com" \
-        -addext "subjectAltName=DNS:localhost"
+        -addext "subjectAltName=DNS:localhost, DNS:worker"
 
     openssl ca -batch -config "$OPENSSL_CONFIG" \
         -extensions osbuild_client_ext \