Use private_key parameter when creating certificate

[vasilevalex]

Pull Request (PR) description

Use private key created before, not the default value.

This Pull Request (PR) fixes the following issues

Fixes #185

[kenyon]

Seems like we need more test coverage too, since this was broken and no tests failed.

[zilchms]

I am still not sure if we want to allow direct private key passing into the certificate. CSRs exist for exactly this reason. The regression for no longer allowing directly passing keys into certs and using CSRs instead was made specifically for this reason.

To be clear: I am not against allowing passing the private key directly, I just would like to get a good reason to do so

I may also be completely wrong here, been a while since I made those changes

[vasilevalex]

In the simplest case without CA we need some private key to sign the certificate. So openssl is invokeg with -signkey:

puppet-openssl/lib/puppet/provider/x509_cert/openssl.rb

Line 84 in dcd89b5

options << ['-signkey', resource[:private_key]]

with the private key as parameter. And if we don't pass the private key generated earlier, default value would be used.