Generating Self-Signed Certificates with Subject Alternative Names

Recently, for reasons, I had to generate a self-signed certificate with subject alternative names. As an additional wrinkle, I was trying to do it as part of the userdata script for a machine instance in EC2 running Amazon Linux. This turned out to be more difficult than expected. After piecing together various blog posts this is what I ended up with.

    LOCAL_HOSTNAME=$(GET http://169.254.169.254/latest/meta-data/local-hostname)
    LOCAL_IPV4=$(GET http://169.254.169.254/latest/meta-data/local-ipv4)

    openssl req \
      -newkey rsa:2048 \
      -nodes \
      -sha256 \
      -x509 \
      -days 3650 \
      -config <(cat <<EOF
    [req]
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no

    [req_distinguished_name]
    C = US
    ST = California
    L = Los Angeles
    O = Example.

Experimenting with Terraform, Consul, and Amazon EC2

One of the things I’ve been experimenting with is Terraform from HashiCorp. It provides a simple configuration language for describing infrastructure that fills in the gap left by configuration tools like Puppet, Salt, and Ansible. Those tools can only describe what happens after a machine is created, not how to create that machine. I thought I’d try to create the beginnings of a typical production test environment with split public and private networks.