# File lib/puppet/ssl/certificate_authority.rb, line 245
245:     def sign(hostname, cert_type = :server, self_signing_csr = nil)
246:         # This is a self-signed certificate
247:         if self_signing_csr
248:             csr = self_signing_csr
249:             issuer = csr.content
250:         else
251:             unless csr = Puppet::SSL::CertificateRequest.find(hostname)
252:                 raise ArgumentError, "Could not find certificate request for %s" % hostname
253:             end
254:             issuer = host.certificate.content
255:         end
256: 
257:         cert = Puppet::SSL::Certificate.new(hostname)
258:         cert.content = Puppet::SSL::CertificateFactory.new(cert_type, csr.content, issuer, next_serial).result
259:         cert.content.sign(host.key.content, OpenSSL::Digest::SHA1.new)
260: 
261:         Puppet.notice "Signed certificate request for %s" % hostname
262: 
263:         # Add the cert to the inventory before we save it, since
264:         # otherwise we could end up with it being duplicated, if
265:         # this is the first time we build the inventory file.
266:         inventory.add(cert)
267: 
268:         # Save the now-signed cert.  This should get routed correctly depending
269:         # on the certificate type.
270:         cert.save
271: 
272:         # And remove the CSR if this wasn't self signed.
273:         Puppet::SSL::CertificateRequest.destroy(csr.name) unless self_signing_csr
274: 
275:         return cert
276:     end