From 4147c5e73d44e1986087550138ee4311fdbb63f3 Mon Sep 17 00:00:00 2001
From: James Allenby <James.Allenby@immediate.co.uk>
Date: Mon, 23 Oct 2023 16:06:10 +0100
Subject: [PATCH] use private key when creating x509 cert

---
 lib/puppet/provider/x509_cert/openssl.rb |  3 ++-
 manifests/certificate/x509.pp            | 19 ++++++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/lib/puppet/provider/x509_cert/openssl.rb b/lib/puppet/provider/x509_cert/openssl.rb
index affb2c24..b5b20d11 100644
--- a/lib/puppet/provider/x509_cert/openssl.rb
+++ b/lib/puppet/provider/x509_cert/openssl.rb
@@ -74,7 +74,8 @@ def create
         '-days', resource[:days],
         '-in', resource[:csr],
         '-out', resource[:path],
-        '-extfile', resource[:template]
+        '-extfile', resource[:template],
+        '-key', resource[:private_key]
       ]
       if resource[:ca]
         options << ['-CAcreateserial']
diff --git a/manifests/certificate/x509.pp b/manifests/certificate/x509.pp
index 566b6ae2..7ca472f8 100644
--- a/manifests/certificate/x509.pp
+++ b/manifests/certificate/x509.pp
@@ -193,15 +193,16 @@
     encrypted   => $encrypted,
   }
   ~> x509_cert { $_crt:
-    ensure   => $ensure,
-    template => $_cnf,
-    csr      => $_csr,
-    days     => $days,
-    password => $password,
-    req_ext  => $req_ext,
-    force    => $force,
-    ca       => $ca,
-    cakey    => $cakey,
+    ensure      => $ensure,
+    template    => $_cnf,
+    csr         => $_csr,
+    private_key => $_key,
+    days        => $days,
+    password    => $password,
+    req_ext     => $req_ext,
+    force       => $force,
+    ca          => $ca,
+    cakey       => $cakey,
   }
 
   # Set owner of all files