Diffstat (limited to 'athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
index 6d121657a40..447b6efb09b 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
@@ -35,14 +35,17 @@ public class Certificates {
var now = clock.instant();
var notBefore = now.minus(Duration.ofHours(1));
var notAfter = now.plus(CERTIFICATE_TTL);
- return X509CertificateBuilder.fromCsr(csr,
+ var builder = X509CertificateBuilder.fromCsr(csr,
x500principal,
notBefore,
notAfter,
caPrivateKey,
SHA256_WITH_ECDSA,
- X509CertificateBuilder.generateRandomSerialNumber())
- .build();
+ X509CertificateBuilder.generateRandomSerialNumber());
+ for (var san : csr.getSubjectAlternativeNames()) {
+ builder = builder.addSubjectAlternativeName(san.getValue());
+ }
+ return builder.build();
}
/** Returns the DNS name field from Subject Alternative Names in given csr */
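Review bot: The new loop copies every Subject Alternative Name from the CSR into the signed certificate, and nothing visible in this hunk checks that the requester is entitled to those names. If the caller has not already validated them (the method starts outside the hunk, so this cannot be confirmed here), the CA will vouch for whatever identities the CSR asks for. The names should be checked against the expected hostname or instance identity before they are added, or the precondition documented with a comment such as `// SANs must already be validated by the caller; they are signed as-is`. The call `builder.addSubjectAlternativeName(san.getValue())` also passes only the value, so the SAN type appears to be dropped. If that overload treats its argument as a DNS name, an IP or URI entry would be issued under the wrong type. Passing the type along with the value, or rejecting non-DNS entries explicitly, would avoid that.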