2 files changed, 10 insertions, 2 deletions

diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 6a1986bc9..7b30e08f7 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -11,8 +11,9 @@ require 'puppet/ssl/certificate_request'
 # SSL stuff.
 class Puppet::SSL::CertificateAuthority
     require 'puppet/ssl/certificate_factory'
+    require 'puppet/ssl/inventory'
 
-    attr_reader :name, :host
+    attr_reader :name, :host, :inventory
 
     # Generate our CA certificate.
     def generate_ca_certificate
@@ -36,6 +37,8 @@ class Puppet::SSL::CertificateAuthority
         @name = Puppet[:certname]
 
         @host = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name)
+
+        @inventory = Puppet::SSL::Inventory.new
     end
 
     # Sign a given certificate request.
@@ -59,6 +62,11 @@ class Puppet::SSL::CertificateAuthority
 
         Puppet.notice "Signed certificate request for %s" % hostname
 
+        # Add the cert to the inventory before we save it, since
+        # otherwise we could end up with it being duplicated, if
+        # this is the first time we build the inventory file.
+        inventory.add(cert)
+
         # Save the now-signed cert.  This should get routed correctly depending
         # on the certificate type.
         cert.save
diff --git a/lib/puppet/ssl/inventory.rb b/lib/puppet/ssl/inventory.rb
index 953c93d37..3b32b6d7b 100644
--- a/lib/puppet/ssl/inventory.rb
+++ b/lib/puppet/ssl/inventory.rb
@@ -20,7 +20,7 @@ class Puppet::SSL::Inventory
     # Format our certificate for output.
     def format(cert)
         iso = '%Y-%m-%dT%H:%M:%S%Z'
-        return "0x%04x %s %s %s" % [cert.serial,  cert.not_before.strftime(iso), cert.not_after.strftime(iso), cert.subject]
+        return "0x%04x %s %s %s\n" % [cert.serial,  cert.not_before.strftime(iso), cert.not_after.strftime(iso), cert.subject]
     end
 
     def initialize