From: Sangeetha Elumalai <sangeetha.elumalai@timesys.com>
Date: Wed, 17 Dec 2025 18:11:51 +0530

Based on:https://github.com/cockpit-project/cockpit/commit/0257f852cab67687b89a224652856a180ecde0fe

diff --git a/src/tls/cockpit-certificate-helper.in b/src/tls/cockpit-certificate-helper.in
index 597569d..0f8be79 100644
--- a/src/tls/cockpit-certificate-helper.in
+++ b/src/tls/cockpit-certificate-helper.in
@@ -40,6 +40,33 @@ selfsign_sscg() {
 }
 
 selfsign_openssl() {
+    OPENSSL_VERSION_MAJOR=$(openssl version | awk '{print $2}' | cut -d. -f1)
+
+if [ "$OPENSSL_VERSION_MAJOR" -lt 3 ]; then
+    openssl req -x509 \
+        -days "${DAYS}" \
+        -newkey rsa \
+        -keyout "${KEYFILE}" \
+        -keyform PEM \
+        -nodes \
+        -out "${CERTFILE}" \
+        -outform PEM \
+        -subj "${MACHINE_ID:+/O=${MACHINE_ID}}/CN=${HOSTNAME}" \
+        -config - \
+        -extensions v3_req << EOF
+    [ req ]
+    req_extensions = v3_req
+    extensions = v3_req
+    distinguished_name = req_distinguished_name
+    [ req_distinguished_name ]
+    [ v3_req ]
+    subjectAltName=IP:127.0.0.1,DNS:localhost
+    basicConstraints = critical, CA:TRUE
+    keyUsage = critical, digitalSignature,cRLSign,keyCertSign,keyEncipherment,keyAgreement
+    extendedKeyUsage = serverAuth
+EOF
+
+else
     openssl req -x509 \
         -days "${DAYS}" \
         -newkey rsa \
@@ -53,6 +80,7 @@ selfsign_openssl() {
         -addext "basicConstraints = critical,CA:TRUE" \
         -addext "keyUsage = critical,digitalSignature,cRLSign,keyCertSign,keyEncipherment,keyAgreement" \
         -addext "extendedKeyUsage = serverAuth"
+fi
 }
 
 cmd_selfsign() {
-- 
2.25.1