Use different common_name for openssl

slapos/recipe/kvm/__init__.py

@@ -34,6 +34,7 @@ import zc.buildout
 import pkg_resources
 import ConfigParser
 import hashlib
+import uuid
 
 class Recipe(BaseSlapRecipe):
 
@@ -55,9 +56,9 @@ class Recipe(BaseSlapRecipe):
     self.cron_d                          = self.installCrond()
 
     # XXX-Cedric: Cert is self-signed and issuer is randomly generated.
-    ca_company = binascii.hexlify(os.urandom(10))
+    ca_common_name = 'SlapOS KVM root %s' % uuid.uuid1()
     self.ca_conf                         = self.installCertificateAuthority(
-                                               ca_company = ca_company)
+                                               ca_company = ca_common_name)
     self.key_path, self.certificate_path = self.requestCertificate('noVNC')
 
     # Install the socket_connection_attempt script
@@ -267,7 +268,7 @@ class Recipe(BaseSlapRecipe):
 
   def installCertificateAuthority(self, ca_country_code='XX',
       ca_email='xx@example.com', ca_state='State', ca_city='City',
-      ca_company='Company'):
+      ca_company='Company', ca_common_name="CommonName"):
     backup_path = self.createBackupDirectory('ca')
     self.ca_dir = os.path.join(self.data_root_directory, 'ca')
     self._createDirectory(self.ca_dir)
@@ -295,6 +296,7 @@ class Recipe(BaseSlapRecipe):
         city=ca_city,
         company=ca_company,
         email_address=ca_email,
+        common_name=ca_common_name,
     )
     self._writeFile(openssl_configuration, pkg_resources.resource_string(
       __name__, 'template/openssl.cnf.ca.in') % config)

slapos/recipe/kvm/template/openssl.cnf.ca.in

@@ -145,6 +145,7 @@ localityName_value			= %(city)s
 #1.organizationName_default	 = World Wide Web Pty Ltd
 
 commonName	   = Common Name (eg, your name or your server\'s hostname)
+commonName_value = %(common_name)s
 commonName_max	   = 64
 
 emailAddress	   = Email Address