UPDATE: This also required a fix to the PDB container to properly open SSL port 8081 when USE_PUPPETSERVER=true. Unfortunately the spec suite for PDB didn't verify that and a line was missing from config. The jetty.ini config has been reworked in https://github.com/puppetlabs/puppetdb/pull/3086 and this PR can be re-run once a new container image with that code has shipped.
Based on recent changes to PDB container, DNS_ALT_NAME is properly specified, requiring Puppetserver to enable alt name support in the CA:
https://github.com/puppetlabs/puppetdb/pull/3082 https://github.com/puppetlabs/puppetdb/pull/3082/commits/023bfcd0fd9e703e384e8167c768e61f22e46919#diff-cd7f09d157fc0b30e177f7a0c1977bbfR6
UPDATE: This also required a fix to the PDB container to properly open SSL port 8081 when
USE_PUPPETSERVER=true. Unfortunately the spec suite for PDB didn't verify that and a line was missing from config. The jetty.ini config has been reworked in https://github.com/puppetlabs/puppetdb/pull/3086 and this PR can be re-run once a new container image with that code has shipped.