From a9e5abf3b1e1bafe8010d95da4ab4d89344c574b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?=
Date: Tue, 1 Jun 2021 20:53:16 +0200
Subject: [PATCH] Generate RDP certificate with Subject Alternative Name (SAN)
---
 scripts/bin/container-init | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/scripts/bin/container-init b/scripts/bin/container-init
index 6db744b..3aeb332 100755
--- a/scripts/bin/container-init
+++ b/scripts/bin/container-init
@@ -92,18 +92,14 @@ fi
 # Generate RDP certificate if it does not exist
 if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CRT_PATH:?}" ]; then
- KEY_FILE=${XRDP_TLS_KEY_PATH:?}
- CRT_FILE=${XRDP_TLS_CRT_PATH:?}
- CSR_FILE=$(mktemp -u)
+ FQDN=$(hostname --fqdn)
 (umask 077 \
- && openssl genrsa -out "${KEY_FILE:?}" 2048 \
+ && openssl genrsa -out "${XRDP_TLS_KEY_PATH:?}" 2048 \
 ) >/dev/null
 (umask 022 \
- && openssl req -new -subj "/CN=$(uname -n)" -key "${KEY_FILE:?}" -out "${CSR_FILE:?}" \
- && openssl x509 -req -days 3650 -signkey "${KEY_FILE:?}" -in "${CSR_FILE:?}" -out "${CRT_FILE:?}" \
- && rm -f "${CSR_FILE:?}" \
+ && openssl req -x509 -subj "/CN=${FQDN:?}" -addext "subjectAltName=DNS:${FQDN:?}" -days 3650 -key "${XRDP_TLS_KEY_PATH:?}" > "${XRDP_TLS_CRT_PATH:?}" \
 ) >/dev/null
 fi
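Review bot: The added `openssl req -x509 ... > "${XRDP_TLS_CRT_PATH:?}"` line lets the shell create the certificate file before openssl runs, so any openssl failure leaves a zero-byte certificate behind. One such failure is an OpenSSL older than 1.1.1, which has no `-addext`. The guard at the top of the block only tests `-f` on both paths, so the next container start would find the key and the empty certificate and skip generation, presumably leaving xrdp with an unusable TLS certificate. Writing to a temporary name and renaming on success avoids this: end the openssl line with `-out "${XRDP_TLS_CRT_PATH:?}.tmp" \` and follow it with `&& mv -f "${XRDP_TLS_CRT_PATH:?}.tmp" "${XRDP_TLS_CRT_PATH:?}" \`. Whether a failed subshell aborts the script depends on shell options set outside this hunk.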