[PA-73] Update ca-certs component to include gandi.net certs and rubygems root ca cert
Created: 2015/08/25 Updated: 2016/02/02 Resolved: 2015/11/18
|Fix Version/s:||puppet-agent 1.3.0|
|Reporter:||Past Haus||Assignee:||Ryan McKern|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Epic Link:||PE should ship the certs required for the forge/other PL infra (only)|
|Sprint:||RE 2015-09-09, RE 2015-09-23, RE 2015-10-07|
|Release Notes:||New Feature|
|Release Notes Summary:||Previously, puppet-agent on several platforms, e.g. Solaris, AIX, EL4, etc., was unable to connect to the forge or rubygems due to not having local trusted certificate authorities to compare against. The puppet-agent package now includes a select number of CA certificates that allow puppet to make secure authenticated SSL connections, for example when using the puppet module tool to connect to the forge on OSX. This change affects all puppet-agent platforms except Windows.|
In order to ensure that the puppet agent can still connect to the forge even if the SSL cert is changed for platforms such as OSX, AIX and Solaris, we should update the ca-cert component to include likely future certs, which OPS has zipped up in OPS-6537.
|Comment by Past Haus [ 2015/08/25 ]|
This could be adding each of the certs in the zip as a source to the ca-certs component and catting them all together in the build.
|Comment by Ryan McKern [ 2015/09/01 ]|
Verified that concatenating these together works as expected against forge.puppetlabs.com.
|Comment by Ryan McKern [ 2015/10/01 ]|
The use of the puppet-ca-bundle repo has been merged into the master branch of puppet-agent, and is tentatively scheduled for the 1.3.0 release of puppet-agent.
|Comment by Ryan McKern [ 2015/10/05 ]|
This has made it through numerous puppet-agent builds.
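
Added example, not part of the ticket and not puppet-agent's build code: the comments above build the bundle by concatenating the certificates from the archive, and this Ruby code does the same while vetting each input, so that key material, non-CA or out-of-date certificates, duplicates and files without a trailing newline cannot corrupt the trust store. The names `build_ca_bundle` and `sample_cert` are hypothetical, and the sample certificates are constructed at run time.

```ruby
require 'openssl'
require 'set'

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m
PEM_KEY  = /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/

# Hypothetical helper, not puppet-agent code. sources: { file name => contents }.
# Returns [bundle_pem, rejected]; rejected is a list of [file name, reason].
def build_ca_bundle(sources, now: Time.now)
  seen, kept, rejected = Set.new, [], []
  sources.each do |name, text|
    # Key material from the archive must never reach a world-readable bundle.
    if text.match?(PEM_KEY)
      rejected << [name, 'contains private key']
      next
    end
    blocks = text.scan(PEM_CERT) # also copes with a missing trailing newline
    rejected << [name, 'no certificate found'] if blocks.empty?
    blocks.each do |pem|
      cert = OpenSSL::X509::Certificate.new(pem)
      bc = cert.extensions.find { |e| e.oid == 'basicConstraints' }
      reason =
        if bc.nil? || !bc.value.include?('CA:TRUE') then 'not a CA certificate'
        elsif cert.not_after < now || cert.not_before > now then 'outside validity period'
        elsif !seen.add?(OpenSSL::Digest::SHA256.hexdigest(cert.to_der)) then 'duplicate'
        end
      reason ? (rejected << [name, reason]) : (kept << cert)
    rescue OpenSSL::X509::CertificateError
      rejected << [name, 'unparseable certificate']
    end
  end
  [kept.map(&:to_pem).join, rejected] # to_pem ends every block with a newline
end

# Constructed sample input: a throwaway self-signed certificate and its key.
def sample_cert(cn, ca: true, not_after: Time.now + 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 3600, not_after
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end
```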