Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2308

Update puppetserver's CA bootstrapping code to add CLI tool auth extension

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • SERVER 6.0.0
    • None
    • None
      • the master cert generated by puppetserver has the CLI tool auth extension
    • Froyo
    • New Feature
    • The Puppet master's cert is now authorized to connect to the certificate_status endpoint out of the box. This allows the new CA CLI tool to perform CA tasks via Puppet Server's CA API.
    • Needs Assessment

    Description

      In order to talk to the certificate_status endpoint, the CLI gem needs the cert it uses to have the right authorization extension. The CA generated by the gem via `generate` or `import` already adds this extension to the master's host cert, but Puppetserver's bootstrapping code does not. We need to update Puppetserver to also add this extension to the master cert.

      Attachments

        Issue Links

          Activity

            People

              maggie Maggie Dreyer
              maggie Maggie Dreyer
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support