Puppet Server / SERVER-2678

Puppet Server CA API should allow a per-cert TTL


Details

    • New Feature
      When requesting that a certificate be signed, the `certificate-status` API endpoint can now accept a TTL in its body under the key `cert_ttl`, which will determine the validity period of the cert being signed. The unit defaults to seconds but can be specified with the same unit markers Puppet's settings understand.

      This note can probably be combined with the one on PE-27489, to indicate that a per-cert TTL can be set either via the HTTP API directly, or via these CLI commands.
    • Needs Assessment

    Description

      Story

      As a user, I would like to generate certificates with a specific TTL to meet my security standards.  

      Background 

      We need to add a --ttl flag to the puppetserver CLI, and setting it via the API is a requirement of that. See this comment for more details.

      https://tickets.puppetlabs.com/browse/PE-27489?focusedCommentId=696116&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-696116
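
      A client-side check for the `cert_ttl` key described in the release note above, as an added example (not code from this ticket or from Puppet): it parses a requested TTL, rejects anything over a site maximum, and builds the signing request body. Assumptions not taken from the ticket: the unit markers s/m/h/d/y (Puppet's duration settings), the `desired_state` field and `/puppet-ca/v1/certificate_status/<certname>` path (Puppet CA HTTP API docs), sending the TTL as a JSON number, the 90-day cap, and the sample certnames.

```ruby
require 'json'

# Unit markers accepted by Puppet duration settings (assumption taken from
# Puppet's configuration docs, not from this ticket). A year is 365 days.
UNIT_SECONDS = { 's' => 1, 'm' => 60, 'h' => 3600, 'd' => 86_400, 'y' => 365 * 86_400 }.freeze

# Hypothetical site policy: longest validity period allowed for any cert.
MAX_TTL_SECONDS = 90 * 86_400

# Convert "3600", "12h", "30d" ... into seconds; a bare integer means seconds.
def ttl_to_seconds(ttl)
  m = /\A(\d+)([smhdy])?\z/.match(ttl.to_s.strip)
  raise ArgumentError, "unparseable cert_ttl: #{ttl.inspect}" unless m
  seconds = m[1].to_i * UNIT_SECONDS.fetch(m[2] || 's')
  raise ArgumentError, 'cert_ttl must be greater than zero' if seconds.zero?
  seconds
end

# Build the JSON body for a signing request, refusing TTLs over policy.
# "cert_ttl" is the key named in this ticket; "desired_state" and the JSON
# number encoding of the TTL (seconds, the default unit) are assumptions.
def signing_body(ttl, max_seconds: MAX_TTL_SECONDS)
  seconds = ttl_to_seconds(ttl)
  raise ArgumentError, "cert_ttl #{ttl} (#{seconds}s) exceeds policy maximum #{max_seconds}s" if seconds > max_seconds
  JSON.generate({ 'desired_state' => 'signed', 'cert_ttl' => seconds })
end

# Constructed sample input: certname => requested TTL.
SAMPLE_REQUESTS = {
  'ci-runner.example.test' => '12h',
  'web01.example.test' => '30d',
  'legacy.example.test' => '5y',
  'typo.example.test' => '30 days'
}.freeze

# For each request, return the PUT path with either a body or a rejection reason.
def plan(requests)
  requests.map do |certname, ttl|
    path = "/puppet-ca/v1/certificate_status/#{certname}" # assumed API path
    begin
      { path: path, body: signing_body(ttl) }
    rescue ArgumentError => e
      { path: path, rejected: e.message }
    end
  end
end

plan(SAMPLE_REQUESTS).each { |r| puts r } if __FILE__ == $PROGRAM_NAME
```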

          People

            tony.vu Tony Vu
            nick.walker Nick Walker