From 8465b4bd7b32251e50b44222b57348b48982032b Mon Sep 17 00:00:00 2001
From: rudolfkoenig <rudolfkoenig@2b470e98-0d58-463d-a4d8-8e2adae1ed80>
Date: Mon, 20 Dec 2021 10:16:10 +0000
Subject: [PATCH] TcpServerUtils.pm: generate a better certificate (Forum
 #124874)

git-svn-id: https://svn.fhem.de/fhem/trunk@25358 2b470e98-0d58-463d-a4d8-8e2adae1ed80
---
 fhem/FHEM/TcpServerUtils.pm | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/fhem/FHEM/TcpServerUtils.pm b/fhem/FHEM/TcpServerUtils.pm
index d47d3ae1f..bfccf909b 100644
--- a/fhem/FHEM/TcpServerUtils.pm
+++ b/fhem/FHEM/TcpServerUtils.pm
@@ -188,8 +188,31 @@ TcpServer_SetSSL($)
       Log 1, "$name: failed to create certreq.txt: $!, falling back to HTTP";
       return;
     }
-    print FH "[ req ]\nprompt = no\ndistinguished_name = dn\n\n".
-             "[ dn ]\nC = DE\nO = FHEM\nCN = home.localhost\n\n";
+    my $hostname = `hostname`;
+    chomp($hostname);
+    print FH << "EOF";
+[ req ]
+prompt = no
+distinguished_name = dn
+x509_extensions = ext
+
+[ dn ]
+CN = $hostname
+O = FHEM
+OU = localhost
+
+[ ext ]
+basicConstraints=CA:TRUE
+extendedKeyUsage = serverAuth
+subjectAltName=\@san
+
+[san]
+DNS.1=localhost
+DNS.2=$hostname
+IP.1=127.0.0.1
+IP.2=::1
+EOF
+
     close(FH);
 
     my $cmd = "openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 ".