crypto: set SAN in default generated Certificate to semi-random domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2462
This commit is contained in:
Jens Langhammer 2022-05-22 23:22:06 +02:00
parent 383f4e4dcf
commit 63dc8fe7dc

View file

@ -2,6 +2,8 @@
from django.db import migrations from django.db import migrations
from authentik.lib.generators import generate_id
def create_self_signed(apps, schema_editor): def create_self_signed(apps, schema_editor):
CertificateKeyPair = apps.get_model("authentik_crypto", "CertificateKeyPair") CertificateKeyPair = apps.get_model("authentik_crypto", "CertificateKeyPair")
@ -9,7 +11,7 @@ def create_self_signed(apps, schema_editor):
from authentik.crypto.builder import CertificateBuilder from authentik.crypto.builder import CertificateBuilder
builder = CertificateBuilder() builder = CertificateBuilder()
builder.build() builder.build(subject_alt_names=[f"{generate_id()}.self-signed.goauthentik.io"])
CertificateKeyPair.objects.using(db_alias).create( CertificateKeyPair.objects.using(db_alias).create(
name="authentik Self-signed Certificate", name="authentik Self-signed Certificate",
certificate_data=builder.certificate, certificate_data=builder.certificate,