Puppet Version: 7.7.0
Puppet Server Version: 7.2.0
OS Name/Version: CentOS 7.9
When using the puppetserver ca generate --certname <CERTNAME> command to generate a certificate, the new certificate has always the SAN attribute set to the DNS:<CERTNAME>.
--subject-alt-names was not used on the CLI:
We use the puppetserver ca generate feature to create some special certificates, which are not directly used or generated by a Puppet agent.
puppetserver ca generate -
certname <CERTNAME> should not set the SAN attribute without -subject-alt-names
puppetserver ca generate --certname <CERTNAME> sets the SAN attribute by default to DNS:<CERTNAME> in the certificate.