Use non-wildcard form of server cert domain as CN, and put both forms in SAN.

2020-07-10 12:34:07 +02:00 · 2020-07-10 12:34:07 +02:00 · ab21dca280
parent 0942168b3b
commit ab21dca280
1 changed files with 3 additions and 2 deletions
--- a/main.go
+++ b/main.go
@ -81,11 +81,12 @@ func main() {
 }

 func getServerCertTemplate(domain string, notBefore time.Time, notAfter time.Time) x509.Certificate {
-	wildcard := "*." + domain
 	template := getCommonCertTemplate(notBefore, notAfter)
 	template.Subject = pkix.Name{
-		CommonName: wildcard,
+		CommonName: domain,
 	}
+	wildcard := "*." + domain
+	template.DNSNames = append(template.DNSNames, domain)
 	template.DNSNames = append(template.DNSNames, wildcard)
 	return template
 }