-
Type:
Task
-
Status: Closed
-
Priority:
Normal
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: SERVER 6.0.0
-
Component/s: None
-
Labels:None
-
Template:customfield_10700 275007
-
Acceptance Criteria:
- the master cert generated by puppetserver has the CLI tool auth extension
-
Epic Link:
-
Team:Froyo
-
Release Notes:New Feature
-
Release Notes Summary:The Puppet master's cert is now authorized to connect to the certificate_status endpoint out of the box. This allows the new CA CLI tool to perform CA tasks via Puppet Server's CA API.
-
QA Risk Assessment:Needs Assessment
In order to talk to the certificate_status endpoint, the CLI gem needs the cert it uses to have the right authorization extension. The CA generated by the gem via `generate` or `import` already adds this extension to the master's host cert, but Puppetserver's bootstrapping code does not. We need to update Puppetserver to also add this extension to the master cert.
- relates to
-
SERVER-2323 Backport CA CLI auth extension for master cert
-
- Closed
-
-
SERVER-2287 The master cert created by `generate` should have custom extensions for the `cert_status` endpoint auth
-
- Closed
-