All SSL terminus classes now force the CA information into the right place.

Without this, then you could end up duplicating your CA
key into the normal directory depending on how caching
was set up.

Again, this design aspect isn't the most straightforward,
but at least it's functional now.

2 files changed, 2 insertions, 0 deletions

diff --git a/lib/puppet/indirector/certificate/file.rb b/lib/puppet/indirector/certificate/file.rb
index 9e2e8ed99..5f4ade051 100644
--- a/lib/puppet/indirector/certificate/file.rb
+++ b/lib/puppet/indirector/certificate/file.rb
@@ -5,4 +5,5 @@ class Puppet::SSL::Certificate::File < Puppet::Indirector::SslFile
     desc "Manage SSL certificates on disk."
 
     store_in :certdir
+    store_ca_at :cacert
 end
diff --git a/lib/puppet/indirector/key/file.rb b/lib/puppet/indirector/key/file.rb
index 7103c2903..4536f8aa7 100644
--- a/lib/puppet/indirector/key/file.rb
+++ b/lib/puppet/indirector/key/file.rb
@@ -5,6 +5,7 @@ class Puppet::SSL::Key::File < Puppet::Indirector::SslFile
     desc "Manage SSL private and public keys on disk."
 
     store_in :privatekeydir
+    store_ca_at :cakey
 
     # Where should we store the public key?
     def public_key_path(name)