Inspired by #1880 (and docker/compose#890 et al.). Make sure `ca.pem` subject is different from `cert.pem` subject to work-around OpenSSL bug.

Signed-off-by: Matt Bogosian <mtb19@columbia.edu>

libmachine/cert/bootstrap.go

@@ -20,7 +20,8 @@ func BootstrapCertificates(authOptions *auth.AuthOptions) error {
 	// TODO: I'm not super happy about this use of "org", the user should
 	// have to specify it explicitly instead of implicitly basing it on
 	// $USER.
-	org := mcnutils.GetUsername()
+	caOrg := mcnutils.GetUsername()
+	org := caOrg + ".<bootstrap>"
 
 	bits := 2048
 
@@ -42,7 +43,7 @@ func BootstrapCertificates(authOptions *auth.AuthOptions) error {
 			return errors.New("The CA key already exists.  Please remove it or specify a different key/cert.")
 		}
 
-		if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, org, bits); err != nil {
+		if err := GenerateCACertificate(caCertPath, caPrivateKeyPath, caOrg, bits); err != nil {
 			return fmt.Errorf("Generating CA certificate failed: %s", err)
 		}
 	}

libmachine/provision/utils.go

@@ -63,7 +63,7 @@ func ConfigureAuth(p Provisioner) error {
 	driver := p.GetDriver()
 	machineName := driver.GetMachineName()
 	authOptions := p.GetAuthOptions()
-	org := machineName
+	org := mcnutils.GetUsername() + "." + machineName
 	bits := 2048
 
 	ip, err := driver.GetIP()