Feature #3750
Puppet should have an x.509 certificate type and provider
| Status: | Investigating | Start date: | 05/09/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jeff McCune | % Done: | 0% | |
| Category: | provider | |||
| Target version: | - | |||
| Affected Puppet version: | 0.25.4 | Branch: | ||
| Keywords: | ssl, ca, multiple ca, type, provider | |||
Description
Impact Data: Everyone using or testing puppet and the x.509 PKI functionality.
Problem statement: It’s currently difficult and time consuming to generate CA and SSL certificates by hand, particularly when testing the use of multiple certificate authorities in puppet. The ability to manage SSL CA and server certificates as native puppet types will assist testing and eliminate the need to deal with complex openssl.cnf configurations.
Expected Behavior: Puppet should be able to create self signed root certificate authorities, signed sub-certificate authorities, CSR’s, and SSL client/server certificates.
Actual Behavior: Currently, SSL certificates are usually created with the Makefile from sial.org or some equivalent tool and raw openssl commands and configuration files.
Additional information: Community members are interested in leveraging the PKI CA built into puppet, however the current implementation is difficult to work with when configuring multiple certificate authorities.
History
#1
Updated by Jeff McCune about 3 years ago
- Category changed from SSL to provider
- Status changed from Unreviewed to Investigating
- Assignee set to Jeff McCune
#2
Updated by Raphaël Pinson 2 months ago
Would these do? https://github.com/camptocamp/puppet-openssl/pull/9