k9ert · April 29, 2020 02:39 · veritasdigitalis · Apr 29, 2020
diff --git a/certificate.txt b/certificate.txt
 # openssl x509 -in alice-tls.cert -text -noout
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d6:a0:86:69:7e:b8:e1:ac
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN=localhost, O=lnd
        Validity
            Not Before: Jun 24 11:03:12 2018 GMT
            Not After : May 31 11:03:12 2118 GMT
        Subject: CN=localhost, O=lnd
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:7a:d8:7d:de:12:81:d9:9e:66:ea:c8:53:e6:2e:
                    7c:91:1c:0d:fa:19:0d:a2:2a:73:06:77:89:67:84:
                    73:78:e6:03:7d:84:a3:01:f7:5f:62:be:1e:47:90:
                    d1:0e:aa:e2:56:cc:f5:d9:7a:78:50:20:16:69:ba:
                    84:ee:b6:8a:e6
                ASN1 OID: prime256v1
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:alice
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:97:03:9c:bf:c1:70:c2:8f:e1:97:a8:0c:83:
         c6:ed:28:37:57:f7:c3:6c:ed:47:71:7a:ba:eb:34:7e:c4:f5:
         5f:02:20:73:36:8a:5b:12:78:72:1c:ed:6c:54:21:8d:8c:68:
         71:34:67:9a:55:2e:c0:40:03:9c:c2:75:b7:f2:b6:b2:f8
diff --git a/created_via.sh b/created_via.sh
        openssl ecparam -genkey -name prime256v1 -out ${LND_OWNER}-tls.key
        openssl req -new -sha256 \
            -key ${LND_OWNER}-tls.key \
            -subj "/CN=localhost/O=lnd" \
            -reqexts SAN \
            -config <(cat /etc/ssl/openssl.cnf \
                <(printf "\n[SAN]\nsubjectAltName=DNS:${LND_OWNER}")) \
            -out csr.csr
        openssl csr -in csr.csr -text -noout # contains the subjectAltName
        openssl req -x509 -sha256 -days 36500 \
            -key ${LND_OWNER}-tls.key \
            -in csr.csr -out ${LND_OWNER}-tls.cert \
            -extensions SAN \
            -config <(cat /etc/ssl/openssl.cnf \
                <(printf "\n[SAN]\nsubjectAltName=DNS:${LND_OWNER}"))
        openssl x509 -in ${LND_OWNER}-tls.cert -text -noout
	# openssl x509 -in alice-tls.cert -text -noout
	Certificate:
	Data:
	Version: 3 (0x2)
	Serial Number:
	d6:a0:86:69:7e:b8:e1:ac
	Signature Algorithm: ecdsa-with-SHA256
	Issuer: CN=localhost, O=lnd
	Validity
	Not Before: Jun 24 11:03:12 2018 GMT
	Not After : May 31 11:03:12 2118 GMT
	Subject: CN=localhost, O=lnd
	Subject Public Key Info:
	Public Key Algorithm: id-ecPublicKey
	Public-Key: (256 bit)
	pub:
	04:7a:d8:7d:de:12:81:d9:9e:66:ea:c8:53:e6:2e:
	7c:91:1c:0d:fa:19:0d:a2:2a:73:06:77:89:67:84:
	73:78:e6:03:7d:84:a3:01:f7:5f:62:be:1e:47:90:
	d1:0e:aa:e2:56:cc:f5:d9:7a:78:50:20:16:69:ba:
	84:ee:b6:8a:e6
	ASN1 OID: prime256v1
	X509v3 extensions:
	X509v3 Subject Alternative Name:
	DNS:alice
	Signature Algorithm: ecdsa-with-SHA256
	30:45:02:21:00:97:03:9c:bf:c1:70:c2:8f:e1:97:a8:0c:83:
	c6:ed:28:37:57:f7:c3:6c:ed:47:71:7a:ba:eb:34:7e:c4:f5:
	5f:02:20:73:36:8a:5b:12:78:72:1c:ed:6c:54:21:8d:8c:68:
	71:34:67:9a:55:2e:c0:40:03:9c:c2:75:b7:f2:b6:b2:f8
	openssl ecparam -genkey -name prime256v1 -out ${LND_OWNER}-tls.key
	openssl req -new -sha256 \
	-key ${LND_OWNER}-tls.key \
	-subj "/CN=localhost/O=lnd" \
	-reqexts SAN \
	-config <(cat /etc/ssl/openssl.cnf \
	<(printf "\n[SAN]\nsubjectAltName=DNS:${LND_OWNER}")) \
	-out csr.csr
	openssl csr -in csr.csr -text -noout # contains the subjectAltName
	openssl req -x509 -sha256 -days 36500 \
	-key ${LND_OWNER}-tls.key \
	-in csr.csr -out ${LND_OWNER}-tls.cert \
	-extensions SAN \
	-config <(cat /etc/ssl/openssl.cnf \
	<(printf "\n[SAN]\nsubjectAltName=DNS:${LND_OWNER}"))
	openssl x509 -in ${LND_OWNER}-tls.cert -text -noout