[SERVER-2287] The master cert created by `generate` should have custom extensions for the `cert_status` endpoint auth - Puppet Jira Server

XML

Word

Printable

Details

Type: Sub-task
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: SERVER 5.3.6, SERVER 6.0.0
Component/s: None
Labels:
None

Team:
Froyo

QA Risk Assessment:
Needs Assessment

Description

We currently do not allow any connection to the certificate_status(es) endpoint by default. However, because the CA CLI gem makes heavy use of it, we need to enable the gem to authenticate itself for that endpoint. We should add a custom extension of some kind of the master certificate created by the generate command that can be checked by auth.conf to allow the master cert to use the endpoint, but no other certs.

Attachments

Issue Links

relates to

SERVER-2355 Document Puppet Server's pp_cli_auth setting in auth.conf

Open

PUP-9964 Puppet Server CA auth is missing from the list of recognized certificate extensions

Accepted

SERVER-2308 Update puppetserver's CA bootstrapping code to add CLI tool auth extension

Closed

SERVER-2323 Backport CA CLI auth extension for master cert

Closed

Activity

People

Assignee:: Maggie Dreyer

Reporter:: Maggie Dreyer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2018/08/15 12:02 PM

Updated:: 2022/07/11 10:15 AM

Resolved:: 2018/09/19 12:35 PM