diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index bc6dbad1..6b438c06 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -87,6 +87,7 @@ class Certificate(db.Model):
body = Column(Text(), nullable=False)
chain = Column(Text())
+ csr = Column(Text())
private_key = Column(Vault)
issuer = Column(String(128))
@@ -158,6 +159,9 @@ class Certificate(db.Model):
if kwargs.get('chain'):
self.chain = kwargs['chain'].strip()
+ if kwargs.get('csr'):
+ self.csr = kwargs['csr'].strip()
+
self.notify = kwargs.get('notify', True)
self.destinations = kwargs.get('destinations', [])
self.notifications = kwargs.get('notifications', [])
diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index a92f1f66..bf18eac9 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@@ -74,7 +74,7 @@ class CertificateInputSchema(CertificateCreationSchema):
roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)
dns_provider = fields.Nested(AssociatedDnsProviderSchema, missing=None, allow_none=True, required=False)
- csr = fields.String(validate=validators.csr)
+ csr = fields.String(allow_none=True, validate=validators.csr)
key_type = fields.String(
validate=validate.OneOf(CERTIFICATE_KEY_TYPES),
@@ -156,6 +156,7 @@ class CertificateNestedOutputSchema(LemurOutputSchema):
bits = fields.Integer()
body = fields.String()
chain = fields.String()
+ csr = fields.String()
active = fields.Boolean()
rotation = fields.Boolean()
@@ -187,6 +188,7 @@ class CertificateOutputSchema(LemurOutputSchema):
bits = fields.Integer()
body = fields.String()
chain = fields.String()
+ csr = fields.String()
deleted = fields.Boolean(default=False)
description = fields.String()
issuer = fields.String()
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index 72b38bab..54c60924 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -72,6 +72,7 @@ class CertificatesList(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
+ "csr": "-----BEGIN CERTIFICATE REQUEST-----"
"authority": {
"active": true,
"owner": "secure@example.com",
@@ -490,6 +491,7 @@ class Certificates(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
+ "csr": "-----BEGIN CERTIFICATE REQUEST-----"
"authority": {
"active": true,
"owner": "secure@example.com",
@@ -694,6 +696,7 @@ class NotificationCertificatesList(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
+ "csr": "-----BEGIN CERTIFICATE REQUEST-----"
"authority": {
"active": true,
"owner": "secure@example.com",
@@ -802,6 +805,7 @@ class CertificatesReplacementsList(AuthenticatedResource):
"status": null,
"cn": "*.test.example.net",
"chain": "",
+ "csr": "-----BEGIN CERTIFICATE REQUEST-----",
"authority": {
"active": true,
"owner": "secure@example.com",
diff --git a/lemur/migrations/versions/7ead443ba911_.py b/lemur/migrations/versions/7ead443ba911_.py
new file mode 100644
index 00000000..62be01aa
--- /dev/null
+++ b/lemur/migrations/versions/7ead443ba911_.py
@@ -0,0 +1,21 @@
+"""Add csr to certificates table
+
+Revision ID: 7ead443ba911
+Revises: 6006c79b6011
+Create Date: 2018-10-21 22:06:23.056906
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '7ead443ba911'
+down_revision = '6006c79b6011'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+ op.add_column('certificates', sa.Column('csr', sa.TEXT(), nullable=True))
+
+def downgrade():
+ op.drop_column('certificates', 'csr')
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index abb3a4fa..273fc9d5 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
@@ -215,6 +215,7 @@ angular.module('lemur')
CertificateApi.get(editId).then(function (certificate) {
$scope.certificate = certificate;
$scope.certificate.name = ''; // we should prefer the generated name
+ $scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone
$scope.certificate.validityStart = null;
$scope.certificate.validityEnd = null;
CertificateService.getDefaults($scope.certificate);
diff --git a/lemur/static/app/angular/certificates/view/view.tpl.html b/lemur/static/app/angular/certificates/view/view.tpl.html
index 1fc83af6..ba17ffa6 100644
--- a/lemur/static/app/angular/certificates/view/view.tpl.html
+++ b/lemur/static/app/angular/certificates/view/view.tpl.html
@@ -182,6 +182,13 @@
{{ certificate.chain }}
+
+
+ CSR
+
+
+ {{ certificate.csr }}
+
Public Certificate
diff --git a/lemur/tests/test_certificates.py b/lemur/tests/test_certificates.py
index 1a4d644b..87416a7a 100644
--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@@ -48,7 +48,7 @@ def test_get_certificate_primitives(certificate):
with freeze_time(datetime.date(year=2016, month=10, day=30)):
primitives = get_certificate_primitives(certificate)
- assert len(primitives) == 25
+ assert len(primitives) == 26
def test_certificate_output_schema(session, certificate, issuer_plugin):