From ec647c819b79c9efd44ba61f54acf50f06777073 Mon Sep 17 00:00:00 2001
From: Phil Bayfield
Date: Sat, 3 May 2014 13:47:18 +0100
Subject: [PATCH] add common name support for server certificate
---
 manifests/server.pp | 9 +++++++--
 templates/server.erb | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/manifests/server.pp b/manifests/server.pp
index 5ad4f85c..8ea94b56 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -20,6 +20,10 @@
 # [*email*]
 # String. Email address to be used for the SSL certificate
 #
+# [*common_name*]
+# String. Common name to be used for the SSL certificate
+# Default: server
+#
 # [*compression*]
 # String. Which compression algorithim to use
 # Default: comp-lzo
@@ -232,6 +236,7 @@
 $city,
 $organization,
 $email,
+ $common_name = 'server',
 $compression = 'comp-lzo',
 $dev = 'tun0',
 $user = 'nobody',
@@ -354,9 +359,9 @@
 File["/etc/openvpn/${name}/easy-rsa/openssl.cnf"]
 ];
 "generate server cert ${name}":
- command => '. ./vars && ./pkitool --server server',
+ command => ". ./vars && ./pkitool --server ${common_name}",
 cwd => "/etc/openvpn/${name}/easy-rsa",
- creates => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/${common_name}.key",
 provider => 'shell',
 require => Exec["initca ${name}"];
 }
diff --git a/templates/server.erb b/templates/server.erb
index f2774d8c..88b7b40e 100644
--- a/templates/server.erb
+++ b/templates/server.erb
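Review bot: `$common_name` is interpolated unquoted into the `generate server cert` exec, which runs with `provider => 'shell'`, so a value containing whitespace or shell metacharacters changes the command that is executed, and a value containing `/` moves the `creates` path outside `easy-rsa/keys`. The parameter should be constrained before it is used, for example `validate_re($common_name, '^[A-Za-z0-9][A-Za-z0-9._-]*$')` if puppetlabs-stdlib is available to this module (not visible in the patch), and the command can additionally quote it as `--server '${common_name}'`. The same value is written into the `cert` and `key` paths in templates/server.erb, so one check in the manifest covers that hunk as well. Changing `common_name` on an existing server also makes `creates` miss and issues a second certificate while the old key pair stays on disk and unrevoked, which deserves a line in the `[*common_name*]` parameter documentation. The class parameter list and the exec resource block both start and end outside these hunks.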
@@ -1,8 +1,8 @@
 mode server
 client-config-dir /etc/openvpn/<%= scope.lookupvar('name') %>/client-configs
 ca /etc/openvpn/<%= scope.lookupvar('name') %>/keys/ca.crt
-cert /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.crt
-key /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.key
+cert /etc/openvpn/<%= scope.lookupvar('name') %>/keys/<%= scope.lookupvar('common_name') %>.crt
+key /etc/openvpn/<%= scope.lookupvar('name') %>/keys/<%= scope.lookupvar('common_name') %>.key
 dh /etc/openvpn/<%= scope.lookupvar('name') %>/keys/dh<%= scope.lookupvar('ssl_key_size') %>.pem
 crl-verify /etc/openvpn/<%= scope.lookupvar('name') %>/crl.pem
 <% if scope.lookupvar('proto') == 'tcp' -%>