From a89108995ff13fbbef0bf5cbf429cede5ff81078 Mon Sep 17 00:00:00 2001
From: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Date: Fri, 21 Nov 2025 10:37:39 +0100
Subject: [PATCH] fix: add CA subject to generated certificate

Self-signed certificates are missing Subject/Issuer info,
which are not present in CA. This sometimes might be causing issues
as it is invalid format.

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
---
 cmd/talosctl/pkg/mgmt/helpers/airgapped.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cmd/talosctl/pkg/mgmt/helpers/airgapped.go b/cmd/talosctl/pkg/mgmt/helpers/airgapped.go
index 99fc41ea3..eeb3b9ec2 100644
--- a/cmd/talosctl/pkg/mgmt/helpers/airgapped.go
+++ b/cmd/talosctl/pkg/mgmt/helpers/airgapped.go
@@ -13,13 +13,17 @@ import (
 
 // GenerateSelfSignedCert generates self-signed certificate.
 func GenerateSelfSignedCert(sanIPs []net.IP, sanNames []string) ([]byte, []byte, []byte, error) {
-	ca, err := x509.NewSelfSignedCertificateAuthority(x509.ECDSA(true))
+	ca, err := x509.NewSelfSignedCertificateAuthority(
+		x509.ECDSA(true),
+		x509.Organization("talos.dev"),
+		x509.CommonName("talos.dev Root CA"),
+	)
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
 	serverIdentity, err := x509.NewKeyPair(ca,
-		x509.Organization("test"),
+		x509.Organization("talos.dev"),
 		x509.CommonName("server"),
 		x509.IPAddresses(sanIPs),
 		x509.DNSNames(sanNames),