[SERVER-2510] Allow certs to be signed by fingerprint - Puppet Jira Server

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Normal
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Component/s: Certificate Authority
Labels:
Environment:

All

Epic Link:
Future CA Improvements

UX Priority:
Minor

Description

Puppet cert sign should support signing by fingerprint. Signing by hostname can be dangerous and/or annoying if an attacker creates certificate requests in bulk with hostnames that you want to sign. Fingerprint should not be remotely guessable, and should be the safest option.

This will probably involve updates to both the CA API and the puppetserver ca command line tool.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Teran McKinney

QA Contact:: Kurt Wall

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2014/10/09 6:51 PM

Updated:: 2022/03/08 8:44 AM

Resolved:: 2022/03/08 8:44 AM

Zendesk Support

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified