Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2510

Allow certs to be signed by fingerprint

    XMLWordPrintable

    Details

    • Template:
    • UX Priority:
      Minor

      Description

      Puppet cert sign should support signing by fingerprint. Signing by hostname can be dangerous and/or annoying if an attacker creates certificate requests in bulk with hostnames that you want to sign. Fingerprint should not be remotely guessable, and should be the safest option.

      This will probably involve updates to both the CA API and the puppetserver ca command line tool.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            sega01 Teran McKinney
            QA Contact:
            Kurt Wall
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:

                Zendesk Support

                  Time Tracking

                  Estimated:
                  Original Estimate - 4 hours
                  4h
                  Remaining:
                  Remaining Estimate - 4 hours
                  4h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified