Details
- New Feature
- Status: Closed
- Normal
- Resolution: Fixed
- Puppetserver has an allow-subject-altnames setting that allows the API to sign CSRs with alt names.
- The setting is false by default.
- Froyo
- New Feature
- Needs Assessment
Description
Currently we completely disallow signing certificate requests with subject alternative names from Puppetserver's certificate_status endpoint. However, with the removal of the puppet cert command, users need a way to allow this. Because it could still be risky (see comments on SERVER-2268), we should introduce a setting that users can enable in puppetserver's config if they need this behavior, similar to the Ruby CA's allow-dns-alt-names. Because we intend to also support IP alt names, the name should not refer specifically to DNS.
Issue Links
- is cloned by
  - SERVER-2290 Add a setting to enable signing CSRs with authorization extensions (Closed)
- relates to
  - SERVER-2318 Add CLI flag to sign CSRs with SANs (Closed)
  - SERVER-2268 Enable `puppetserver ca sign` to sign certs with SANs (Resolved)