Class Puppet::SSL::CertificateAuthority
In: lib/puppet/ssl/certificate_authority.rb
Parent: Object

The class that knows how to sign certificates. It creates a 'special' SSL::Host whose name is 'ca', thus indicating that, well, it's the CA. There's some magic in the indirector/ssl_file terminus base class that does that for us.

This class mostly just signs certs for us, but it can also be seen as a general interface into all of the SSL stuff.

Methods

Included Modules

Puppet::Util::Cacher

Classes and Modules

Class Puppet::SSL::CertificateAuthority::CertificateVerificationError

Attributes

host  [R] 
name  [R] 

Public Class methods

If this process can function as a CA, then return a singleton instance.

Public Instance methods

Create and run an applicator. I wanted to build an interface where you could do something like 'ca.apply(:generate).to(:all)', but I don't think it's really possible.

If autosign is configured, then autosign all CSRs that match our configuration.

Do we autosign? This returns true, false, or a filename.

Create an AuthStore for autosigning.

Retrieve (or create, if necessary) the certificate revocation list.

Delegate this to our Host class.

Generate a new certificate.

Generate our CA certificate.

Generate a new password for the CA.

Retrieve (or create, if necessary) our inventory manager.

List all signed certificates.

Read the next serial from the serial file, and increment the file so this one is considered used.

Does the password file exist?

Print a given host's certificate as text.

Revoke a given certificate.

This initializes our CA so it actually works. This should be a private method, except that you can't any-instance stub private methods, which is awesome. This method only really exists to provide a stub-point during testing.

Verify a given host's certificate.

List the waiting certificate requests.
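
The autosign check described above returns true, false, or a filename, and in Ruby a filename string is truthy, so a caller that only tests truthiness would sign every request. The following is an added example, not Puppet's own code: the helper names, the allowlist syntax (exact names and "*.domain" patterns, "#" comments) and the sample hostnames are assumptions made for illustration.

```ruby
require "tempfile"

# Hypothetical helpers, not Puppet's API. They decide whether one CSR name may
# be autosigned given the tri-state value (true, false, or a filename).
# Assumed allowlist syntax: one exact name or "*.domain" pattern per line.
def load_allowlist(path)
  return [] unless File.file?(path) # missing file: nothing is allowed
  File.readlines(path, chomp: true)
      .map { |line| line.sub(/#.*/, "").strip.downcase }
      .reject(&:empty?)
end

def pattern_match?(pattern, name)
  if pattern.start_with?("*.")
    suffix = pattern[1..-1] # e.g. ".lab.example.test"
    # The wildcard must cover at least one label; the bare domain does not match.
    name.length > suffix.length && name.end_with?(suffix)
  else
    pattern == name
  end
end

def autosign_decision(setting, csr_name)
  name = csr_name.to_s.downcase
  # Refuse names that are not plain DNS-style labels before any matching.
  return false unless name.match?(/\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/)
  case setting
  when true then true # every well-formed name is signed
  when false, nil then false
  when String # a filename: consult the allowlist, never treat it as "true"
    load_allowlist(setting).any? { |pattern| pattern_match?(pattern, name) }
  else false # unknown value: fail closed
  end
end

# Constructed sample allowlist, written to a temp file so the block runs offline.
SAMPLE = Tempfile.new("autosign")
SAMPLE.write("# constructed sample\nbuild01.example.test\n*.lab.example.test\n")
SAMPLE.flush

if __FILE__ == $PROGRAM_NAME
  %w[build01.example.test web.lab.example.test lab.example.test evil.test].each do |n|
    puts "#{n}: #{autosign_decision(SAMPLE.path, n)}"
  end
end
```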
