-
Type:
Sub-task
-
Status: Closed
-
Priority:
Normal
-
Resolution: Won't Do
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Template:customfield_10700 244649
-
Acceptance Criteria:
- puppetserver no longer generates a CA on startup
-
Team:Froyo
-
QA Risk Assessment:Needs Assessment
As part of the improvements around intermediate CA support, we want to make CA initialization more explicit. Once we have subcommands for the new CA CLI tool for generating a CA (see SERVER-2176), and a step in the PE installer to run that tool as part of installation (see PE-24739), we need to remove the CA bootstrapping code from puppetserver. Note that this refers only to the code that automatically generates CA files when starting the server for the first time, not the code to sign and set up the master host cert.
- is blocked by
-
SERVER-2264 Update puppetserver clojure integration tests to handle lack of CA bootstrapping
-
- Closed
-
-
SERVER-2172 Simple CLI tool for setting up an intermediate CA
-
- Closed
-
-
SERVER-2176 The CA that signs agent requests should be an intermediate CA by default
-
- Closed
-
- relates to
-
SERVER-2197 Puppetserver needs to serve the CA bundle from the CA cert endpoint
-
- Closed
-