diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-09-12 08:56:04 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-09-12 08:56:04 +0300 |
commit | c3be01556a54e67a5046b0e7f8facf3e5f15e4f9 (patch) | |
tree | 1de7fe1e1b59f654e851c930f72c2d00596193c5 | |
parent | cbd84e7e52d5751f74bebbff866c784809df6bde (diff) |
Fill DNS name for haproxy certificates
This sets the subject alt name field for the certificates we
auto-generate, which will remove the security warnings we constantly
see in the undercloud. This is the proper way to set certificates,
since the usage of the CN as a replacement for the subjectAltName is
being deprecated (very slowly).
Change-Id: I475cbffd47425e850902838eec06bf461df2acd0
Closes-Bug: #1622446
-rw-r--r-- | manifests/certmonger/haproxy.pp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 2b738e6..0168227 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -49,6 +49,7 @@ define tripleo::certmonger::haproxy ( ){ certmonger_certificate { "${title}-cert": hostname => $hostname, + dnsname => $hostname, certfile => $service_certificate, keyfile => $service_key, postsave_cmd => $postsave_cmd, |