Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2285

Update setup actions to also generate the master cert

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
    • Acceptance Criteria:
      Hide
      • the generate action creates a host cert for the puppet master
      • the import command also creates a host cert for the puppet master
      • the host cert created has custom extensions that can be used to identify it as authorized to execute the CA CLI commands
      Show
      the generate action creates a host cert for the puppet master the import command also creates a host cert for the puppet master the host cert created has custom extensions that can be used to identify it as authorized to execute the CA CLI commands
    • Epic Link:
    • Team:
      Froyo
    • QA Risk Assessment:
      Needs Assessment

      Description

      Currently in addition to creating the CA files, puppetserver creates a certificate for the master as part of its bootstrapping process. We have decided it would be better to move this to the gem along with the rest of the CA generation process, whether that is the default generate or importing pre-generated certs. This allows us to more easily control the alt names and extensions that get added to Puppet master certs, which is important because we only want requests made by this CLI tool to be able to come from that master cert.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              maggie Maggie Dreyer
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support