From 76eabf1f29523ce5c2868b5d8ae8bba1c56c5ff8 Mon Sep 17 00:00:00 2001
From: egerardus <51415416+egerardus@users.noreply.github.com>
Date: Tue, 23 Jun 2020 05:47:36 -0700
Subject: [PATCH] debian: add SAN when generating self-signed certs

Closes: #5547
---
 debian/jitsi-meet-web-config.postinst | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/debian/jitsi-meet-web-config.postinst b/debian/jitsi-meet-web-config.postinst
index ba0e4ffd4..ce13247a1 100644
--- a/debian/jitsi-meet-web-config.postinst
+++ b/debian/jitsi-meet-web-config.postinst
@@ -91,10 +91,14 @@ case "$1" in
                 CERT_CRT="/etc/jitsi/meet/$JVB_HOSTNAME.crt"
                 HOST="$( (hostname -s; echo localhost) | head -n 1)"
                 DOMAIN="$( (hostname -d; echo localdomain) | head -n 1)"
-                openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj \
+                openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj \
                     "/O=$DOMAIN/OU=$HOST/CN=$JVB_HOSTNAME/emailAddress=webmaster@$HOST.$DOMAIN" \
                     -keyout $CERT_KEY \
-                    -out $CERT_CRT
+                    -out $CERT_CRT \
+                    -reqexts SAN \
+                    -extensions SAN \
+                    -config <(cat /etc/ssl/openssl.cnf \
+                        <(printf '[SAN]\nsubjectAltName=DNS:localhost,DNS:$JVB_HOSTNAME,IP:$JVB_HOSTNAME')) \
             fi
         fi