From d223d14f6049ab3b48cb77999618d5f167f53775 Mon Sep 17 00:00:00 2001
From: David Grayston
Date: Fri, 6 Nov 2020 12:12:12 +0000
Subject: [PATCH] NA: Fix certificate
---
 Dockerfile | 6 ++++--
 ssl/openssl.cnf | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 ssl/openssl.cnf
diff --git a/Dockerfile b/Dockerfile
index 7126a37..f7fe533 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,18 +2,20 @@ FROM node:12-alpine
 WORKDIR /usr/src/app
+COPY ./ssl/openssl.cnf /etc/ssl/openssl.localhost.cnf
 COPY . .
 RUN apk --no-cache add openssl
 RUN openssl req \
+ -config /etc/ssl/openssl.localhost.cnf \
 -x509 \
 -nodes \
 -days 365 \
+ -sha256 \
 -newkey rsa:2048 \
 -keyout /etc/ssl/server.key \
- -out /etc/ssl/server.crt \
- -subj "/C=UK/ST=London/L=London/O=Yoti/OU=Yoti/CN=localhost"
+ -out /etc/ssl/server.crt
 RUN npm install
diff --git a/ssl/openssl.cnf b/ssl/openssl.cnf
new file mode 100644
index 0000000..1bc3c20
--- /dev/null
+++ b/ssl/openssl.cnf
@@ -0,0 +1,37 @@
+[req]
+default_bits = 2048
+default_md = sha256
+encrypt_key = no
+prompt = no
+distinguished_name = subject
+req_extensions = req_ext
+x509_extensions = x509_ext
+
+[ subject ]
+C = UK
+ST = London
+L = London
+O = Yoti
+OU = Yoti
+CN = localhost
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alternate_names
+nsComment = "Self-Signed SSL Certificate"
+
+[ x509_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alternate_names
+nsComment = "Self-Signed SSL Certificate"
+
+[ alternate_names ]
+DNS.1 = localhost
+IP.1 = 127.0.0.1
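Review bot: The `RUN openssl req` step still writes an unencrypted private key (`-nodes`, `-keyout /etc/ssl/server.key`) into an image layer at build time, so every container started from this image shares the key and anyone who can pull the image can read it. That is reasonable only while the image stays a local development artefact for `localhost`; if it is ever pushed to a shared registry, the pair should be generated at container start or mounted at run time, and a comment such as `# dev-only self-signed cert; key is baked into the image, do not publish` above the step would make that explicit. The 365-day validity also counts from the build, so an old or cached image will serve an expired certificate. As a smaller point, `-sha256`, `-newkey rsa:2048` and `-nodes` now repeat `default_md`, `default_bits` and `encrypt_key = no` from the config file, so one of the two places could be dropped.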
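Review bot: `extendedKeyUsage = serverAuth, clientAuth` in `[ x509_ext ]` also permits the certificate to be used for client authentication, which a TLS server certificate for `localhost` does not need as far as this diff shows; `extendedKeyUsage = serverAuth` would be the narrower setting. The `[ req_ext ]` section is not applied by the Dockerfile's `openssl req -x509` call, because with `-x509` the extensions are taken from `x509_extensions`, so it can be removed or marked with a comment like `# only used when generating a CSR`. `C = UK` is carried over from the old `-subj` value, but the ISO 3166 code for the United Kingdom is `GB`.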