Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9574

allow_duplicate_certs description is misleading

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.1
    • Component/s: None
    • Template:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      Update docs for the "allow_duplicate_certs" setting to indicate that it allows new requests to overwrite old requests, but it doesn't overwrite an existing cert. The request still need to be signed for that to happen.
    • QA Risk Assessment:
      Needs Assessment

      Description

      We currently say

      Whether to allow a new certificate request to overwrite an existing certificate.

      but that's incorrect. It allows the agent to submit a CSR even if the server has a CSR or a signed cert with that name. In the former case, the agent's CSR overwrites the old one. In the latter case, the server will have the new CSR and the old cert, and will manually need to revoke the old cert and sign the new CSR.

        Attachments

          Activity

            People

            Assignee:
            josh Josh Cooper
            Reporter:
            josh Josh Cooper
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support