-
Type:
New Feature
-
Status: Closed
-
Priority:
Normal
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: SERVER 5.3.6, SERVER 6.0.0
-
Component/s: DOCS
-
Labels:None
-
Template:
-
Acceptance Criteria:
- Puppetserver has a allow-subject-altnames setting that allows the API to sign CSRs with alt names.
- The setting is false by default
-
Epic Link:
-
Team:Froyo
-
Release Notes:New Feature
-
Release Notes Summary:
-
QA Risk Assessment:Needs Assessment
Currently we completely disallow signing certificate requests with subject alternative names from Puppetserver's certificate_status endpoint. However, with the removal of the puppet cert command, users need a way to allow this. Because it could still be risky (see comments on SERVER-2268), we should introduce a setting that users can enable in puppetserver's config if they need this behavior, similar to the Ruby CA's allow-dns-alt-names. Because we intend to also support IP alt names, the name should not refer specifically to DNS.
- is cloned by
-
SERVER-2290 Add a setting to enable signing CSRs with authorization extensions
-
- Closed
-
- relates to
-
SERVER-2318 Add CLI flag to sign CSRs with SANs
-
- Accepted
-
-
SERVER-2268 Enable `puppetserver ca sign` to sign certs with SANs
-
- Resolved
-