From 35cc7ef8d7eec08a5487e3e5e666e78ff7f7058c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Kj=C3=A6r?= <bunjiboys@bunjiboys.dk>
Date: Wed, 14 Jun 2017 09:20:24 -0700
Subject: [PATCH] Adding support for private DigiCert certificates (#835)

---
 docs/administration.rst                | 5 +++++
 lemur/plugins/lemur_digicert/plugin.py | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/docs/administration.rst b/docs/administration.rst
index 10db1505..40e8aab8 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -466,6 +466,11 @@ The following configuration properties are required to use the Digicert issuer p
             This is the default validity (in years), if no end date is specified. (Default: 1)
 
 
+.. data:: DIGICERT_PRIVATE
+    :noindex:
+
+            This is whether or not to issue a private certificate. (Default: False)
+
 
 CFSSL Issuer Plugin
 ^^^^^^^^^^^^^^^^^^^
diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index f319394e..6a80fc7d 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -126,6 +126,12 @@ def map_fields(options, csr):
     else:
         data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD')
 
+    if current_app.config.get('DIGICERT_PRIVATE', False):
+        if 'product' in data:
+            data['product']['type_hint'] = 'private'
+        else:
+            data['product'] = dict(type_hint='private')
+
     return data