From 9bb635a301d128905786f161f25171861a82572c Mon Sep 17 00:00:00 2001
From: Fernando Verdugo
Date: Tue, 17 Sep 2024 13:20:29 +0200
Subject: [PATCH] fix(certs): change to create certs v3 add a v3.ext file with arguments
---
 docs/docs/create_cert.sh | 8 ++++----
 docs/docs/v3.ext | 6 ++++++
 2 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 docs/docs/v3.ext
diff --git a/docs/docs/create_cert.sh b/docs/docs/create_cert.sh
index d2c89ba32..beca4cc83 100755
--- a/docs/docs/create_cert.sh
+++ b/docs/docs/create_cert.sh
@@ -14,11 +14,11 @@ SERVER_KEY=server-key.pem
 # creating a key for our ca
 if [ ! -e ca-key.pem ]; then
- openssl genrsa -aes256 -out ca-key.pem 2048
+ openssl genrsa -des3 -out ca-key.pem 2048
 fi
 # creating a ca
 if [ ! -e ca-cert.pem ]; then
- openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem \
+ openssl req -new -x509 -nodes -sha256 -days 1095 -key ca-key.pem -out ca-cert.pem \
 -subj "${SUBJECT}/CN=my CA"
 fi
 # create server key
@@ -27,11 +27,11 @@ if [ ! -e $SERVER_KEY ]; then
 fi
 # create a certificate signing request (csr)
 if [ ! -e server-key.csr ]; then
- openssl req -new -key $SERVER_KEY -out server-key.csr -subj "$SUBJECT/CN=$SERVER_IP"
+ openssl req -new -nodes -key $SERVER_KEY -out server-key.csr -subj "$SUBJECT/CN=$SERVER_IP"
 fi
 # signing our server certificate with this ca
 if [ ! -e server-cert.pem ]; then
- openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
+ openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateset_serial -out server-cert.pem -sha256 -extfile v3.ext
 fi
 # now create a key that doesn't require a passphrase
diff --git a/docs/docs/v3.ext b/docs/docs/v3.ext
new file mode 100644
index 000000000..ab54fd7a4
--- /dev/null
+++ b/docs/docs/v3.ext
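Review bot: The CA private key on the `openssl genrsa` line is now encrypted with `-des3` instead of `-aes256`, which weakens the passphrase protection of the most sensitive file this script produces, and the commit message gives no reason for it. Unless a consumer that cannot read AES-encrypted PEM keys is the motivation, keep `openssl genrsa -aes256 -out ca-key.pem 2048`. The added `-nodes` on the `openssl req -new -x509` line (and on the CSR line in the second hunk) only matters when `req` generates a key itself; with `-key` supplied it appears to do nothing and reads as if the CA key were left unencrypted, so it could be dropped. The script continues outside this hunk.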
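Review bot: `-CAcreateset_serial` on the `openssl x509 -req` line is not an `openssl x509` option; it looks as if `-set_serial 01` was only partly replaced, and the signing step will most likely stop with an unknown-option error, leaving no server certificate. The intended flag is presumably `-CAcreateserial`, giving `... -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -sha256 -extfile v3.ext`. `-extfile v3.ext` is also resolved against the current directory, so the script now works only when run from `docs/docs`; a comment such as `# run from the directory that contains v3.ext` above the command would save a confusing failure. The script continues past the end of this hunk.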
@@ -0,0 +1,6 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = your_servername
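Review bot: `DNS.1 = your_servername` is a literal placeholder, while the CSR in create_cert.sh sets `CN=$SERVER_IP`; modern TLS clients match the host against subjectAltName rather than CN, so a certificate issued from this file as committed will not validate for the server it was made for. If the server is reached by address the entry should be `IP.1 = <server address>`, and the file should open with a comment like `# edit alt_names to the name or IP clients connect to before running create_cert.sh`. For a TLS server certificate the `keyUsage` list is also broader than needed: `nonRepudiation` and `dataEncipherment` can go, and `extendedKeyUsage = serverAuth` would restrict the certificate to its actual purpose.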