From: Kushal Deb <Kushal.Deb@ibm.com>
Date: Wed, 7 May 2025 09:51:13 +0000 (+0530)
Subject: mgr/cephadm: include cluster FSID in root CA Common Name (CN)
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f7270c46fb700f0bebb309517d590aeda56daf1e;p=ceph.git

mgr/cephadm: include cluster FSID in root CA Common Name (CN)

Signed-off-by: Kushal Deb <Kushal.Deb@ibm.com>
---

diff --git a/src/pybind/mgr/cephadm/ssl_cert_utils.py b/src/pybind/mgr/cephadm/ssl_cert_utils.py
index ee8d88e55f0..516f043f032 100644
--- a/src/pybind/mgr/cephadm/ssl_cert_utils.py
+++ b/src/pybind/mgr/cephadm/ssl_cert_utils.py
@@ -137,7 +137,7 @@ class SSLCerts:
         root_public_key = self.root_key.public_key()
         root_builder = x509.CertificateBuilder()
         root_ca_name = x509.Name([
-            x509.NameAttribute(NameOID.COMMON_NAME, u'cephadm-root'),
+            x509.NameAttribute(NameOID.COMMON_NAME, f'cephadm-root-{self.cluster_fsid}'),
         ])
         root_builder = root_builder.subject_name(root_ca_name)
         root_builder = root_builder.issuer_name(root_ca_name)
@@ -198,7 +198,7 @@ class SSLCerts:
 
         builder = x509.CertificateBuilder()
         root_ca_name = x509.Name([
-            x509.NameAttribute(NameOID.COMMON_NAME, u'cephadm-root'),
+            x509.NameAttribute(NameOID.COMMON_NAME, f'cephadm-root-{self.cluster_fsid}'),
         ])
         builder = builder.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, addrs[0]), ]))
         builder = builder.issuer_name(root_ca_name)