From a48160a4861dcfffb661bcbf8783ecdb84cbf3e6 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 29 Jan 2013 13:00:40 -0800 Subject: added support for client ca cert in site openvpn. --- puppet/modules/site_openvpn/manifests/keys.pp | 6 ++++++ puppet/modules/site_openvpn/manifests/server_config.pp | 4 ++++ 2 files changed, 10 insertions(+) (limited to 'puppet/modules/site_openvpn/manifests') diff --git a/puppet/modules/site_openvpn/manifests/keys.pp b/puppet/modules/site_openvpn/manifests/keys.pp index 4c43ec05..78902676 100644 --- a/puppet/modules/site_openvpn/manifests/keys.pp +++ b/puppet/modules/site_openvpn/manifests/keys.pp @@ -12,6 +12,12 @@ class site_openvpn::keys { notify => Service[openvpn]; } + x509::ca { + 'leap_client_ca': + content => $site_openvpn::x509_config['client_ca_cert'], + notify => Service[openvpn]; + } + x509::ca { 'leap_openvpn': content => $site_openvpn::x509_config['ca_cert'], diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index c4f64225..da40529c 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -67,6 +67,10 @@ define site_openvpn::server_config ($port, $proto, $local, $server, $push, $mana } openvpn::option { + "ca $openvpn_configname": + key => 'ca', + value => '/usr/local/share/ca-certificates/leap_client_ca.crt', + server => $openvpn_configname; "ca $openvpn_configname": key => 'ca', value => '/usr/local/share/ca-certificates/leap_openvpn.crt', -- cgit v1.2.3