crypto: set SAN in default generated Certificate to semi-random domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2462
2022-05-22 23:22:06 +02:00 · 2022-05-22 23:22:06 +02:00 · 63dc8fe7dc
parent 383f4e4dcf
commit 63dc8fe7dc
1 changed files with 3 additions and 1 deletions
--- a/authentik/crypto/migrations/0002_create_self_signed_kp.py
+++ b/authentik/crypto/migrations/0002_create_self_signed_kp.py
@ -2,6 +2,8 @@

 from django.db import migrations

+from authentik.lib.generators import generate_id
+

 def create_self_signed(apps, schema_editor):
    CertificateKeyPair = apps.get_model("authentik_crypto", "CertificateKeyPair")
@ -9,7 +11,7 @@ def create_self_signed(apps, schema_editor):
    from authentik.crypto.builder import CertificateBuilder

    builder = CertificateBuilder()
-    builder.build()
+    builder.build(subject_alt_names=[f"{generate_id()}.self-signed.goauthentik.io"])
    CertificateKeyPair.objects.using(db_alias).create(
        name="authentik Self-signed Certificate",
        certificate_data=builder.certificate,