Bug #1507
CA cert name configuration
| Status: | Closed | Start date: | 08/12/2008 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | SSL | | |
| Target version: | 2.6.0 | | |
| Affected Puppet version: | 0.24.5 | Branch: | |
| Keywords: | | | |
| Votes: | 0 | | |
Description
CA cert name should be configurable (FQDN of the host is not always the name of the Puppet master service).
File to modify: lib/puppet/sslcertificates/ca.rb

```ruby
# Create the root certificate.
def mkrootcert
    # Make the root cert's name the FQDN of the host running the CA.
    name = Facter["hostname"].value
    if domain = Facter["domain"].value
        name += "." + domain
    end
    # (excerpt; the method continues)
```
History
Updated by Luke Kanies over 3 years ago
- Status changed from Unreviewed to Accepted
- Target version set to 4
How would you pick the name? Just use the certname, which can be overridden?
And do you really even care what the name in the CA cert is?
Updated by Sébastien Prud'homme over 3 years ago
Here is my situation:
- my server has a hostname which is for instance myserver.mycampany.com
- my puppet service (puppet master) is hosted on this server but we use another DNS name to access it
- when I launch the puppet master for the first time, the CA auto-signed certificate is created with the server hostname instead of the puppet service name
- if I try to access the puppet master from a puppet client, I get an error because the name in the certificate is not the same as the name I use to access the puppet master
This is why I suggest that the value should be configurable.
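The name mismatch described in the comment above, as an added Ruby example that is not part of the original ticket or of Puppet's code: a certificate named after the host FQDN fails the hostname check when the service is reached under another DNS name, while one built from a configured name passes. The `configured_name` parameter, the helper names and the `example.com` hosts are assumptions made for illustration.

```ruby
require "openssl"

# Pick the certificate name: an explicit override if one is configured
# (hypothetical parameter), otherwise the host's FQDN as in the excerpt above.
def cert_name(hostname, domain, configured_name = nil)
  return configured_name if configured_name && !configured_name.empty?
  domain ? "#{hostname}.#{domain}" : hostname
end

# Build a throwaway self-signed certificate whose subject CN is common_name.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Ruby's hostname check (subjectAltName, then CN) against the name the
# client used to reach the service.
def name_matches?(cert, accessed_as)
  OpenSSL::SSL.verify_certificate_identity(cert, accessed_as)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names.
  host, domain, service = "myserver", "example.com", "puppet.example.com"
  by_fqdn = self_signed_cert(cert_name(host, domain))
  by_config = self_signed_cert(cert_name(host, domain, service))
  puts "FQDN-named cert vs #{service}: #{name_matches?(by_fqdn, service)}"
  puts "configured-name cert vs #{service}: #{name_matches?(by_config, service)}"
end
```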
Updated by James Turnbull over 3 years ago
- Category changed from newfeature to SSL
Updated by Gabriel Purrenhage over 3 years ago
I’m just getting started with Puppet, so forgive me if I’m off base, but I’ve got certname = ‘host.domain.tld’ in the [puppetmasterd] section of puppet.conf on my server, and it works perfectly. Isn’t that exactly what the certname configuration item is for?
Updated by Luke Kanies over 2 years ago
- Target version changed from 4 to 2.6.0
This is a very simple addition, and it’s come up a bit now, so it’s worth implementing.
Updated by Luke Kanies over 2 years ago
- Status changed from Accepted to In Topic Branch Pending Review
Provided a fix for this in the branch for #2617.
Updated by James Turnbull about 2 years ago
- Status changed from In Topic Branch Pending Review to Closed
Pushed in commit:2d137e2e1ce603ee2727d66b1aba57458bf4d1be in branch master.