# File lib/puppet/sslcertificates/ca.rb, line 239
# Issue a certificate for a certificate signing request and store it.
#
# csr must be an OpenSSL::X509::Request whose self-signature verifies against
# the public key it carries, i.e. the requester holds the matching private key.
# That check says nothing about who the requester is: the subject is copied
# from the CSR into the certificate as-is, and nothing in this method compares
# it with an authenticated identity or an approval decision, so authorization
# has to happen before sign is called.
#
# Returns a two-element array: the new certificate and the CA certificate.
# Raises Puppet::Error for a non-CSR argument or a failed signature check.
def sign(csr)
    if !csr.is_a?(OpenSSL::X509::Request)
        message = "CA#sign only accepts OpenSSL::X509::Request objects, not %s" % csr.class
        raise Puppet::Error, message
    end

    # Proof of possession: the request must be signed by the key it presents.
    raise Puppet::Error, "CSR sign verification failed" unless csr.verify(csr.public_key)

    # Take the current serial and write back the next one under the settings
    # read/write lock. The counter is advanced before the certificate is built,
    # so a later failure skips a serial rather than reusing one (assuming
    # readwritelock persists what the block wrote -- confirm).
    # String#hex returns 0 for text that is not hexadecimal, so an empty or
    # damaged serial file restarts numbering at 0 instead of failing. Serials
    # must stay unique per issuer for revocation to identify one certificate.
    # NOTE(review): confirm how the serial file is initialised and protected.
    serial = nil
    Puppet.settings.readwritelock(:serial) do |lockfile|
        serial = File.read(@config[:serial]).chomp.hex
        lockfile << "%04X" % (serial + 1)
    end

    # Every certificate issued through this method is requested as :server.
    issued = Puppet::SSLCertificates.mkcert(
        :type => :server,
        :name => csr.subject,
        :ttl => ttl,
        :issuer => @cert,
        :serial => serial,
        :publickey => csr.public_key
    )

    sign_with_key(issued)
    storeclientcert(issued)

    [issued, @cert]
end