Changes:
- generate-csr.sh: New 9th parameter for comma-separated additional DNS names
- cert-manager.py: Interactive prompt for additional DNS names
- Automatically appends extra names to SAN list
Example usage:
- Interactive: Enter 'firewall.domain.com,vpn.domain.com' at prompt
- Manual: ./generate-csr.sh host fqdn DE berlin berlin org it 4096 'extra1.com,extra2.com'
Benefits:
✅ Single certificate for multiple DNS names
✅ Support for aliases and CNAMEs
✅ Flexible certificate deployment
- Automatically detects target host IP address
- Includes IP in Subject Alternative Names (IP:x.x.x.x)
- Allows secure HTTPS access via both hostname AND IP
- Tries SSH detection first, falls back to local DNS resolution
- Shows detected IP in generation summary
- Displays SAN entries after CSR creation for verification
Benefits:
- Access services via https://10.0.0.50:8006 without cert warnings
- Access via https://hostname:8006 also works
- Single certificate for all access methods
- No browser security warnings on IP-based access
