Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2678

Puppet Server CA API should allow a per-cert TTL

    XMLWordPrintable

    Details

    • Template:
    • Team:
      Froyo
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Hide
      When requesting that a certificate be signed, the `certificate-status` API endpoint can now accept a TTL in its body under the key `cert_ttl`, which will determine the validity period of the cert being signed. The unit defaults to seconds but can be specified with the same unit markers Puppet's settings understand.

      This note can probably be combined with the one on PE-27489, to indicate that a per-cert TTL can be set either via the HTTP API directly, or via these CLI commands.
      Show
      When requesting that a certificate be signed, the `certificate-status` API endpoint can now accept a TTL in its body under the key `cert_ttl`, which will determine the validity period of the cert being signed. The unit defaults to seconds but can be specified with the same unit markers Puppet's settings understand. This note can probably be combined with the one on PE-27489, to indicate that a per-cert TTL can be set either via the HTTP API directly, or via these CLI commands.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Story

      As a user, I would like to generate certificates with a specific TTL to meet my security standards.  

      Background 

      We need to add a --ttl flag to the puppetserver cli and setting it via the API is a requirement of that.  See this comment for more details.

      https://tickets.puppetlabs.com/browse/PE-27489?focusedCommentId=696116&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-696116

        Attachments

          Activity

            People

            Assignee:
            tony.vu Tony Vu
            Reporter:
            nick.walker Nick Walker
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support