| author | Jacob Helwig <jacob@puppetlabs.com> | 2010-09-21 14:01:15 -0700 |
|---|---|---|
| committer | Markus Roberts <Markus@reality.com> | 2010-09-28 15:36:23 -0700 |
| commit | 66cf3a925b4b6d9b40cbdf95f2be6575bb05a881 (patch) | |
| tree | d79edb7a8867a2e748e9b6f8bd4f3e191ade3aad /lib/puppet/sslcertificates | |
| parent | d54352a0cc305cfada05d9ecb927e79957c8d744 (diff) | |
Fix #4226 - Prepend 'Puppet CA: ' to fqdn for default root ca_name
Having a root ca_name that matches the fqdn of the puppet master would
cause certificate lookup problems on some clients, resulting in failed SSL
negotiation.
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Diffstat (limited to 'lib/puppet/sslcertificates')
| -rw-r--r-- | lib/puppet/sslcertificates/ca.rb | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb index 63e6b922a..f3321bd29 100644 --- a/lib/puppet/sslcertificates/ca.rb +++ b/lib/puppet/sslcertificates/ca.rb @@ -147,21 +147,19 @@ class Puppet::SSLCertificates::CA # Create the root certificate. def mkrootcert - # Make the root cert's name the FQDN of the host running the CA. - name = Facter["hostname"].value + # Make the root cert's name "Puppet CA: " plus the FQDN of the host running the CA. + name = "Puppet CA: #{Facter["hostname"].value}" if domain = Facter["domain"].value name += ".#{domain}" end - cert = Certificate.new( - + cert = Certificate.new( :name => name, :cert => @config[:cacert], :encrypt => @config[:capass], :key => @config[:cakey], :selfsign => true, :ttl => ttl, - :type => :ca ) @@ -241,19 +239,15 @@ class Puppet::SSLCertificates::CA f << "%04X" % (serial + 1) } - - newcert = Puppet::SSLCertificates.mkcert( - + newcert = Puppet::SSLCertificates.mkcert( :type => :server, :name => csr.subject, :ttl => ttl, :issuer => @cert, :serial => serial, - :publickey => csr.public_key ) - sign_with_key(newcert) self.storeclientcert(newcert) |
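Review bot: The new `name = "Puppet CA: #{Facter["hostname"].value}"` line in mkrootcert interpolates the hostname fact without checking it, so a nil fact turns into an empty string instead of an error. With a domain set, the old code would have raised on `name += ...`; the new code instead builds a root subject of `Puppet CA: .<domain>`, or a bare `Puppet CA: ` when there is no domain either. A CA name that does not identify the host defeats the purpose of this change, so I would fail early: `host = Facter["hostname"].value or raise Puppet::Error, "Cannot name the root CA: hostname fact is missing"` followed by `name = "Puppet CA: #{host}"`. The hunk only touches the name used when a root certificate is created, so presumably an existing CA keeps its old fqdn-only name and still needs regenerating; the comment above the assignment could say so. mkrootcert's body continues past the end of the hunk, so I cannot see how `cert` is used afterwards.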
