From c3be01556a54e67a5046b0e7f8facf3e5f15e4f9 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Mon, 12 Sep 2016 08:56:04 +0300 Subject: Fill DNS name for haproxy certificates This sets the subject alt name field for the certificates we auto-generate, which will remove the security warnings we constantly see in the undercloud. This is the proper way to set certificates, since the usage of the CN as a replacement for the subjectAltName is being deprecated (very slowly). Change-Id: I475cbffd47425e850902838eec06bf461df2acd0 Closes-Bug: #1622446 --- manifests/certmonger/haproxy.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests/certmonger') diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 2b738e6..0168227 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -49,6 +49,7 @@ define tripleo::certmonger::haproxy ( ){ certmonger_certificate { "${title}-cert": hostname => $hostname, + dnsname => $hostname, certfile => $service_certificate, keyfile => $service_key, postsave_cmd => $postsave_cmd, -- cgit 1.2.3-korg