Wicknet.dev Devlog 2025-02-17

In an effort to tidy up the infrastructure behind wicknet.dev, new hostnames and TLS certificates were configured. Forge-related services now all run under some combination of .forge.lan, so a certificate covering forge.lan and its subdomains was in order. To do this, two files were created, forge.lan.conf and forge.lan.v3.ext:

```
[ req ]
default_bits = 4096
default_md = sha512
prompt = no
encrypt_key = no

# base request
distinguished_name = req_distinguished_name

# extensions
req_extensions = v3_req

# distinguished_name
[ req_distinguished_name ]
commonName = "forge.lan" # CN=
countryName = "US" # C=
organizationName = "WickNet" # O=
```

```
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = forge.lan
DNS.2 = *.forge.lan
```

In the wild, certificates issued by Let’s Encrypt that cover subdomains also include the base domain in the list of alternate names. This practice is mirrored here. ...
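Why the base domain is listed next to the wildcard, as an added example that is not part of the original devlog: the sketch below reads the `[alt_names]` entries shown on this page and checks hostnames against them using the usual wildcard rule (the `*` must be the whole leftmost label and stands for exactly one label). The function names and every hostname other than forge.lan are constructed for illustration.

```python
import configparser

# The [alt_names] section as it appears in the extension file on this page.
EXT_ALT_NAMES = """
[alt_names]
DNS.1 = forge.lan
DNS.2 = *.forge.lan
"""


def load_dns_sans(ext_text):
    """Return the DNS.n values from the [alt_names] section, in file order."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep keys such as "DNS.1" exactly as written
    cp.read_string(ext_text)
    return [v.strip() for k, v in cp["alt_names"].items() if k.startswith("DNS.")]


def san_matches(pattern, hostname):
    """Match one SAN dNSName against a hostname.

    A wildcard is honoured only as the entire leftmost label and covers
    exactly one label, so "*.forge.lan" matches neither "forge.lan" nor
    "a.b.forge.lan".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def covered(hostname, sans):
    """True if any SAN entry covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)


if __name__ == "__main__":
    sans = load_dns_sans(EXT_ALT_NAMES)
    # Constructed hostnames; only forge.lan itself comes from the page.
    for host in ("forge.lan", "git.forge.lan", "ci.git.forge.lan"):
        print(f"{host:20} both SANs: {covered(host, sans)!s:5} "
              f"wildcard only: {covered(host, ['*.forge.lan'])}")
```

With only the wildcard entry, a client connecting to forge.lan itself would reject the certificate, and neither entry covers names two levels below forge.lan.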

February 17, 2025 · 3 min · 433 words · red