# File lib/puppet/ssl/certificate_request.rb, line 26
26:   def generate(key)
27:     Puppet.info "Creating a new SSL certificate request for #{name}"
28: 
29:     # Support either an actual SSL key, or a Puppet key.
30:     key = key.content if key.is_a?(Puppet::SSL::Key)
31: 
32:     # If we're a CSR for the CA, then use the real ca_name, rather than the
33:     # fake 'ca' name.  This is mostly for backward compatibility with 0.24.x,
34:     # but it's also just a good idea.
35:     common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name
36: 
37:     csr = OpenSSL::X509::Request.new
38:     csr.version = 0
39:     csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
40:     csr.public_key = key.public_key
41:     csr.sign(key, OpenSSL::Digest::MD5.new)
42: 
43:     raise Puppet::Error, "CSR sign verification failed; you need to clean the certificate request for #{name} on the server" unless csr.verify(key.public_key)
44: 
45:     @content = csr
46:     Puppet.info "Certificate Request fingerprint (md5): #{fingerprint}"
47:     @content
48:   end