add --nosan argument

gencert.sh

@@ -17,7 +17,8 @@ print_help() {
   --days     - server cert expiration in days\t(default: 365)
   --cakey    - CA key name\t\t\t(default: ca.key)
   --ca       - CA cert name\t\t\t(default: ca.crt)
-  --cadays   - CA cert expiration in days\t(default: 3650)\n"
+  --cadays   - CA cert expiration in days\t(default: 3650)\n
+  --nosan    - do not write SAN records\n"
 }
 
 #  Parse command line arguments
@@ -28,7 +29,7 @@ OPTIND=1 # Reset in case getopts has been used previously in the shell.
 
 # read arguments
 opts=$(getopt \
-    --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:," \
+    --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan," \
     --name "$(basename "$0")" \
     --options "" \
     -- "$@"
@@ -78,6 +79,11 @@ while [ $# -gt 0 ]; do
       shift 2
       ;;
 
+    --nosan)
+      ARG_NOSAN=1
+      shift 2
+      ;;
+
     *)
       break
       ;;
@@ -98,6 +104,7 @@ fi
 # echo ARG_CAKEY=$ARG_CAKEY
 # echo ARG_CA=$ARG_CA
 # echo ARG_CADAYS=$ARG_CADAYS
+# echo ARG_NOSAN=$ARG_NOSAN
 
 #  prepare common variables
 ##
@@ -167,12 +174,15 @@ extendedKeyUsage = serverAuth
 subjectAltName = @alt_names
 [ alt_names ]"
 
-  # Gather IPs for SAN
+
-  
+  if [ $ARG_NOSAN -ne 1 ]; then
-  i=1
+    # Gather IPs for SAN
-  IPS="$(getent ahostsv4 $(hostname) | awk '{print $1}' |sort | uniq)"
+    
-  echo "[${ME}] Found these IPs: " ${IPS}
+    i=1
-  PAYLOAD="$(for IP in $IPS; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)"
+    IPS="$(getent ahostsv4 $(hostname) | awk '{print $1}' |sort | uniq)"
+    echo "[${ME}] Found these IPs: " ${IPS}
+    PAYLOAD="$(for IP in $IPS; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)"
+  fi
   
   printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}"
 }