Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2285 Update setup actions to also generate the master cert
  3. SERVER-2287

The master cert created by `generate` should have custom extensions for the `cert_status` endpoint auth

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: SERVER 5.3.6, SERVER 6.0.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      Froyo
    • QA Risk Assessment:
      Needs Assessment

      Description

      We currently do not allow any connection to the certificate_status(es) endpoint by default. However, because the CA CLI gem makes heavy use of it, we need to enable the gem to authenticate itself for that endpoint. We should add a custom extension of some kind of the master certificate created by the generate command that can be checked by auth.conf to allow the master cert to use the endpoint, but no other certs.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              maggie Maggie Dreyer
              Reporter:
              maggie Maggie Dreyer
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support