added support for client ca cert in site openvpn.

2 files changed, 10 insertions, 0 deletions

diff --git a/puppet/modules/site_openvpn/manifests/keys.pp b/puppet/modules/site_openvpn/manifests/keys.pp
index 4c43ec05..78902676 100644
--- a/puppet/modules/site_openvpn/manifests/keys.pp
+++ b/puppet/modules/site_openvpn/manifests/keys.pp
@@ -13,6 +13,12 @@ class site_openvpn::keys {
   }
 
   x509::ca {
+    'leap_client_ca':
+      content => $site_openvpn::x509_config['client_ca_cert'],
+      notify  => Service[openvpn];
+  }
+
+  x509::ca {
     'leap_openvpn':
       content => $site_openvpn::x509_config['ca_cert'],
       notify  => Service[openvpn];
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index c4f64225..da40529c 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -69,6 +69,10 @@ define site_openvpn::server_config ($port, $proto, $local, $server, $push, $mana
   openvpn::option {
     "ca $openvpn_configname":
         key     => 'ca',
+        value   => '/usr/local/share/ca-certificates/leap_client_ca.crt',
+        server  => $openvpn_configname;
+    "ca $openvpn_configname":
+        key     => 'ca',
         value   => '/usr/local/share/ca-certificates/leap_openvpn.crt',
         server  => $openvpn_configname;
     "cert $openvpn_configname":