Details
-
Task
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
None
-
- the master cert generated by puppetserver has the CLI tool auth extension
-
Froyo
-
New Feature
-
The Puppet master's cert is now authorized to connect to the certificate_status endpoint out of the box. This allows the new CA CLI tool to perform CA tasks via Puppet Server's CA API.
-
Needs Assessment
Description
In order to talk to the certificate_status endpoint, the CLI gem needs the cert it uses to have the right authorization extension. The CA generated by the gem via `generate` or `import` already adds this extension to the master's host cert, but Puppetserver's bootstrapping code does not. We need to update Puppetserver to also add this extension to the master cert.
Attachments
Issue Links
- relates to
-
SERVER-2323 Backport CA CLI auth extension for master cert
-
- Closed
-
-
SERVER-2287 The master cert created by `generate` should have custom extensions for the `cert_status` endpoint auth
-
- Closed
-