Class Puppet::SSLCertificates::CA
In: lib/puppet/sslcertificates/ca.rb
Parent: Object

Methods

Included Modules

Puppet::Util::Warnings

Constants

Certificate = Puppet::SSLCertificates::Certificate

Attributes

cert  [RW] 
config  [RW] 
crl  [RW] 
dir  [RW] 
file  [RW] 
keyfile  [RW] 

Public Class methods

Public Instance methods

Remove all traces of a given host. This is kind of hackish, but, eh.

Generate a new password for the CA.

Get the CA cert.

Retrieve a client's certificate.

Retrieve a client's CSR.

Get the CA password.

This stores signed certs in a directory unrelated to normal client certs.

List certificates waiting to be signed. This returns a list of hostnames, not actual files — the names can be converted to full paths with host2csrfile.

List signed certificates. This returns a list of hostnames, not actual files — the names can be converted to full paths with host2csrfile.

Create the root certificate.

Revoke the certificate with serial number SERIAL issued by this CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons.

Take the Puppet config and store it locally.

Sign a given certificate request.

Store the certificate that we generate.

Store the client's CSR for later signing. This is called from server/ca.rb, and the CSRs are deleted once the certificate is actually signed.

Turn our hostname into a Name object.

TTL for new certificates in seconds. If config param :ca_ttl is set, use that; otherwise use :ca_days for backwards compatibility.
