From 04982048ba91f4b14e546b79f62168417e95edeb Mon Sep 17 00:00:00 2001
From: Paul Lorenz <paul.lorenz@netfoundry.io>
Date: Wed, 27 Sep 2023 10:51:58 -0400
Subject: [PATCH] Use identity id instead of hostname for CA. Fixes #115

---
 ziti/enroll/enroll.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/ziti/enroll/enroll.go b/ziti/enroll/enroll.go
index 1e81ed9f..00d49b6c 100644
--- a/ziti/enroll/enroll.go
+++ b/ziti/enroll/enroll.go
@@ -319,18 +319,13 @@ func enrollUpdb(username, password string, token *ziti.EnrollmentClaims, caPool
 }
 
 func enrollOTT(token *ziti.EnrollmentClaims, cfg *ziti.Config, caPool *x509.CertPool) error {
-
 	pk, err := identity.LoadKey(cfg.ID.Key)
 	if err != nil {
 		return errors.Errorf("failed to load private key '%s': %s", cfg.ID.Key, err.Error())
 	}
 
-	hostname, err := os.Hostname()
-	if err != nil {
-		return err
-	}
 	request, err := certtools.NewCertRequest(map[string]string{
-		"C": "US", "O": "NetFoundry", "CN": hostname,
+		"C": "US", "O": "NetFoundry", "CN": token.Subject,
 	}, nil)
 	if err != nil {
 		return err