From 63dc8fe7dccbcf8ecd216ba21edd75f0620d3c37 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 22 May 2022 23:22:06 +0200
Subject: [PATCH] crypto: set SAN in default generated Certificate to
 semi-random domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2462
---
 authentik/crypto/migrations/0002_create_self_signed_kp.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/authentik/crypto/migrations/0002_create_self_signed_kp.py b/authentik/crypto/migrations/0002_create_self_signed_kp.py
index 013d2de09..6ce147149 100644
--- a/authentik/crypto/migrations/0002_create_self_signed_kp.py
+++ b/authentik/crypto/migrations/0002_create_self_signed_kp.py
@@ -2,6 +2,8 @@
 
 from django.db import migrations
 
+from authentik.lib.generators import generate_id
+
 
 def create_self_signed(apps, schema_editor):
     CertificateKeyPair = apps.get_model("authentik_crypto", "CertificateKeyPair")
@@ -9,7 +11,7 @@ def create_self_signed(apps, schema_editor):
     from authentik.crypto.builder import CertificateBuilder
 
     builder = CertificateBuilder()
-    builder.build()
+    builder.build(subject_alt_names=[f"{generate_id()}.self-signed.goauthentik.io"])
     CertificateKeyPair.objects.using(db_alias).create(
         name="authentik Self-signed Certificate",
         certificate_data=builder.certificate,