  1. Puppet
  2. PUP-9574

allow_duplicate_certs description is misleading

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.1
    • Component/s: None
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      Update docs for the "allow_duplicate_certs" setting to indicate that it allows new requests to overwrite old requests, but it doesn't overwrite an existing cert. The request still needs to be signed for that to happen.
    • QA Risk Assessment:
      Needs Assessment

      Description

      We currently say

      Whether to allow a new certificate request to overwrite an existing certificate.

      but that's incorrect. It allows the agent to submit a CSR even if the server has a CSR or a signed cert with that name. In the former case, the agent's CSR overwrites the old one. In the latter case, the server will have the new CSR and the old cert, and will manually need to revoke the old cert and sign the new CSR.

            People

            • Assignee:
              josh Josh Cooper
              Reporter:
              josh Josh Cooper