path: root/manifests/certmonger
diff options
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-09-12 08:56:04 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-09-12 08:56:04 +0300
commitc3be01556a54e67a5046b0e7f8facf3e5f15e4f9 (patch)
tree1de7fe1e1b59f654e851c930f72c2d00596193c5 /manifests/certmonger
parentcbd84e7e52d5751f74bebbff866c784809df6bde (diff)
Fill DNS name for haproxy certificates
This sets the subject alt name field for the certificates we auto-generate, which will remove the security warnings we constantly see in the undercloud. This is the proper way to set certificates, since the usage of the CN as a replacement for the subjectAltName is being deprecated (very slowly). Change-Id: I475cbffd47425e850902838eec06bf461df2acd0 Closes-Bug: #1622446
Diffstat (limited to 'manifests/certmonger')
1 files changed, 1 insertions, 0 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index 2b738e6..0168227 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -49,6 +49,7 @@ define tripleo::certmonger::haproxy (
certmonger_certificate { "${title}-cert":
hostname => $hostname,
+ dnsname => $hostname,
certfile => $service_certificate,
keyfile => $service_key,
postsave_cmd => $postsave_cmd,