feat(authority): avoid hardcoded cn in authority csr

2 years ago · 68b980d689
parent 988efc8cd4
commit 68b980d689
2 changed files with 5 additions and 1 deletions
--- a/authority/config/config.go
+++ b/authority/config/config.go
@ -64,6 +64,7 @@ type Config struct {
 	TLS              *TLSOptions          `json:"tls,omitempty"`
 	Password         string               `json:"password,omitempty"`
 	Templates        *templates.Templates `json:"templates,omitempty"`
+	CommonName       string               `json:"commonName,omitempty"`
 }

 // ASN1DN contains ASN1.DN attributes that are used in Subject and Issuer
@ -169,6 +170,9 @@ func (c *Config) Init() {
 	if c.AuthorityConfig == nil {
 		c.AuthorityConfig = &AuthConfig{}
 	}
+	if c.CommonName == "" {
+		c.CommonName = "Step Online CA"
+	}
 	c.AuthorityConfig.init()
 }

--- a/authority/tls.go
+++ b/authority/tls.go
@ -509,7 +509,7 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) {
 	}

 	// Create initial certificate request.
-	cr, err := x509util.CreateCertificateRequest("Step Online CA", a.config.DNSNames, signer)
+	cr, err := x509util.CreateCertificateRequest(a.config.CommonName, a.config.DNSNames, signer)
 	if err != nil {
 		return fatal(err)
 	}