summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java
index 26fb7819bfd..b1a3dc6dc03 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/utils/IdentityCsrGenerator.java
@@ -1,6 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.client.zts.utils;
+import com.yahoo.security.SubjectAlternativeName;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.client.zts.ZtsClient;
@@ -32,6 +33,9 @@ public class IdentityCsrGenerator {
identity.getName(),
identity.getDomainName().replace(".", "-"),
dnsSuffix))
+ .addSubjectAlternativeName(
+ SubjectAlternativeName.Type.URI,
+ "spiffe://%s/sa/%s".formatted(identity.getDomainName(), identity.getName()))
.build();
}