Allow splitting of service cert and its chain

[dsa-puppet.git] / modules / ssl / manifests / service.pp

diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp
index 9db3b2b2f60855ba105f2abb417d9c15b962f1f5..0694d097a7d8b79afd39c8f835a73d2ff3a0127c 100644 (file)
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -9,6 +9,10 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
                source => "puppet:///modules/ssl/servicecerts/${name}.crt",
                notify => [ Exec['c_rehash /etc/ssl/debian/certs'], $notify ],
        }
+       file { "/etc/ssl/debian/certs/$name.crt-chain":
+               source => [ "puppet:///modules/ssl/servicecerts/${name}.crt-chain",  "puppet:///modules/ssl/empty" ]
+               notify => [ Exec['c_rehash /etc/ssl/debian/certs'], $notify ],
+       }
 
        if $tlsaport > 0 {
                dnsextras::tlsa_record{ "tlsa-${tlsaport}":