# File lib/puppet/ssl/certificate_authority.rb, line 226
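# Sign a certificate request with this CA's key and return the new certificate.
#
# hostname         - name used to look up the pending request and to name
#                    the resulting certificate.
# cert_type        - passed through to CertificateFactory (defaults to :server).
# self_signing_csr - when given, this request is used instead of a stored
#                    one, its content also serves as the issuer, and no
#                    stored request is removed afterwards.
#
# Raises ArgumentError when no stored request exists for hostname.
#
# NOTE(review): nothing in this method compares the request's subject with
# hostname or inspects the extensions it asks for; whether CertificateFactory
# does so is not visible here -- confirm before relying on it.
def sign(hostname, cert_type = :server, self_signing_csr = nil)
  if self_signing_csr
    # Self-signed certificate: the request doubles as the issuer.
    csr = self_signing_csr
    issuer = csr.content
  else
    csr = Puppet::SSL::CertificateRequest.find(hostname)
    raise ArgumentError, "Could not find certificate request for #{hostname}" unless csr

    issuer = host.certificate.content
  end

  cert = Puppet::SSL::Certificate.new(hostname)
  cert.content = Puppet::SSL::CertificateFactory.new(cert_type, csr.content, issuer, next_serial).result

  # Sign with SHA-256 rather than SHA-1: SHA-1 is no longer collision
  # resistant, so a CA signature over a SHA-1 digest can be transplanted onto
  # a colliding certificate body.
  # NOTE(review): agents built against an OpenSSL without SHA-2 support would
  # fail to verify these certificates -- confirm fleet compatibility.
  cert.content.sign(host.key.content, OpenSSL::Digest::SHA256.new)

  Puppet.notice "Signed certificate request for #{hostname}"

  # Record the cert in the inventory before saving it; otherwise it could be
  # listed twice if this is the first time the inventory file is built.
  inventory.add(cert)

  # Save the now-signed cert.  This should get routed correctly depending
  # on the certificate type.
  cert.save

  # A stored request has been fulfilled, so drop it; a self-signing request
  # was never stored.
  Puppet::SSL::CertificateRequest.destroy(csr.name) unless self_signing_csr

  cert
end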