Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-1747 New CLI tools for interacting with CA
  3. SERVER-2263

Create a subcommand for generating a new key and certificate via the CA CLI

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
    • Acceptance Criteria:
      • the CA CLI has a subcommand to generate certificate-key pairs for a given certname
    • Team:
      Froyo
    • QA Risk Assessment:
      Needs Assessment

      Description

      We need a subcommand that works analogously to puppet cert generate, which creates a key and signed certificate for a given certname. This is commonly used when setting up puppet infrastructure, which needs certs that have subject alternative names and therefore currently can't be signed via the CA API or via autosigning.

      In SERVER-2255, we are already creating a subcommand that we are calling generate, so one of these two will need a new name.

      This command should accept an --allow-subject-alternative-names flag that enables signing CSRs with SANs. Per the work done in PUP-8942, this should allow both DNS and IP alt names. Puppetserver's CA code will need to be updated to allow this, see SERVER-2267.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              amy.sahli Amy Sahli
              Reporter:
              maggie Maggie Dreyer
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support