Bug #1507
CA cert name configuration
| Status: | Closed | Start: | 08/12/2008 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | - | % Done: | 0% |
| Category: | SSL | | |
| Target version: | 2.6.0 | | |
| Affected version: | 0.24.5 | Branch: | |
| Keywords: | | | |
| Votes: | 0 | | |
Description
CA cert name should be configurable (FQDN of the host is not always the name of the Puppet master service).
File to modify: lib/puppet/sslcertificates/ca.rb
```ruby
# Create the root certificate.
def mkrootcert
    # Make the root cert's name the FQDN of the host running the CA.
    name = Facter["hostname"].value
    if domain = Facter["domain"].value
        name += "." + domain
    end
```
Related issues
| related to Puppet - Bug #2617: Problem with certs upgrading puppetmaster to 0.25.0 | Closed | 09/09/2009 |
Associated revisions
Revision 2d137e2e1ce603ee2727d66b1aba57458bf4d1be
Fixing #1507 – Adding a :ca_name setting
This allows one to specify the name to use in the CA certificate. It defaults to the :certname, but for those stuck using mod_ssl it can be changed.
Signed-off-by: Luke Kanies <luke@madstop.com>
History
Updated by Luke Kanies almost 2 years ago
- Status changed from Unreviewed to Accepted
- Target version set to unplanned
How would you pick the name? Just use the certname, which can be overridden?
And do you really even care what the name in the CA cert is?
Updated by Sébastien Prud'homme almost 2 years ago
Here is my situation:
- my server has a hostname which is for instance myserver.mycampany.com
- my puppet service (puppet master) is hosted on this server but we use another DNS name to access it
- when I launch the puppet master for the first time, the CA auto-signed certificate is created with the server hostname instead of the puppet service name
- if I try to access the puppet master from a puppet client, I get an error because the name in the certificate is not the same as the name I use to access the puppet master
This is why I suggest that the value should be configurable.
Updated by James Turnbull almost 2 years ago
- Category changed from newfeature to SSL
Updated by Gabriel Purrenhage over 1 year ago
I’m just getting started with Puppet, so forgive me if I’m off base, but I’ve got certname = ‘host.domain.tld’ in the [puppetmasterd] section of puppet.conf on my server, and it works perfectly. Isn’t that exactly what the certname configuration item is for?
Updated by Luke Kanies 10 months ago
- Target version changed from unplanned to 2.6.0
This is a very simple addition, and it’s come up a bit now, so it’s worth implementing.
Updated by Luke Kanies 10 months ago
- Status changed from Accepted to Ready for Testing
Provided a fix for this in the branch for #2617.
Updated by James Turnbull 8 months ago
- Status changed from Ready for Testing to Closed
Pushed in commit 2d137e2e1ce603ee2727d66b1aba57458bf4d1be in branch master.
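
The name mismatch reported in this ticket, and the fallback order the commit message describes (an explicit `:ca_name`, otherwise `:certname`), reproduced as an added Ruby example. This is not Puppet's code: the `settings` hash, the helper names and the `example.test` hostnames are constructed for illustration.

```ruby
require "openssl"
require "socket"

# Hypothetical helper: an explicit ca_name wins, otherwise fall back to
# certname, and only then to the local hostname.
def ca_subject_name(settings)
  settings[:ca_name] || settings[:certname] || Socket.gethostname
end

# Build a self-signed root certificate whose CN is the chosen name.
def make_root_cert(name, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                       # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", name]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# True when a TLS client that connected to `peer` would accept the name in
# the certificate (same check Ruby's own HTTPS client applies).
def name_matches?(cert, peer)
  OpenSSL::SSL.verify_certificate_identity(cert, peer)
end

if __FILE__ == $0
  key = OpenSSL::PKey::RSA.new(2048)
  host_fqdn = "myserver.example.test"    # constructed: machine's own name
  service   = "puppet.example.test"      # constructed: name clients connect to

  { "certname only" => { certname: host_fqdn },
    "ca_name set"   => { certname: host_fqdn, ca_name: service } }.each do |label, settings|
    cert = make_root_cert(ca_subject_name(settings), key)
    puts "#{label}: subject=#{cert.subject} accepted_for_#{service}=#{name_matches?(cert, service)}"
  end
end
```
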