Skip to content
/ puppet-ca_cert Public
forked from voxpupuli/puppet-ca_cert

A puppet module for managing (non-system) CA certificates.

0 stars 51 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

NairolfL/puppet-ca_cert

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
manifests
manifests
 
 
spec
spec
 
 
tests
tests
 
 
.fixtures.yml
.fixtures.yml
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
Gemfile
Gemfile
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
metadata.json
metadata.json
 
 

Repository files navigation

ca_cert

Build Status

Overview

The ca_cert module tries to provide a simple way to manage Certificate Authority (CA) certificates on a Linux system. (Patches are welcome to help support other operating sytems)

Usage

After the ca_cert module has been declared add CA certificates with the ca_cert::ca definition.

ca_cert

ca_cert ensures that the locations and tools needed to manage the CAs are present on your system.

Optional parameters:

  • always_update_certs: Run your system's update CA command even when there are no updates needed. (defaults to false)
  • purge_unmanaged_CAs: Purge non-OS default CAs from the system. This will only remove CAs that might be installed using your OS's default management method. (defaults to false)
  • install_package: Whether or not this module should install the ca_certificates package. The package contains the default trusted (typically Mozilla) CA certificates, as well as the tools required for this module to manage other installed CA certificates. (defaults to true)
  • ca_certs: A hash of certificates you would like added. These may also be defined by declaring ca_cert::ca once for each certificate.

ca_cert::ca

The primary way to add a CA certificate to a system.

ca_cert::ca { 'GlobalSign-OrgSSL-Intermediate':
  ensure => 'trusted',
  source => 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt',
}

ca_cert::ca supports 3 parameters:

  • source: (required) Where the CA certificate should be retrieved from. HTTP, HTTPS, FTP, file, and puppet are all supported protocols.
  • ensure: Whether or not the CA certificate should be on the system or not. Valid values are trusted, present, distrusted, and absent. Trusted is the same as present. On Debian systems untrusted is the same as absent. On RedHat based systems untrusted certificates are placed in a different path before calling the update command. (defaults to trusted)
  • verify_https_cert: If a certificate is retrieved over HTTPS, whether or not the server's certificate should be validated against the fetching machine's trusted CA list or not. (defaults to true)

Supported Platforms

This module has been tested on Ubuntu 14.04, Ubuntu 12.04, and on CentOS 6.

About

A puppet module for managing (non-system) CA certificates.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Ruby 57.9%
  • Puppet 42.1%