puppet-ssl - Manage SSL keys and certificates for puppet SSL clients
Manage SSL keys and certificates for SSL clients needing to communicate with a puppet infrastructure.
PUPPET-SSL(8) Puppet manual PUPPET-SSL(8)
NAME
puppet-ssl - Manage SSL keys and certificates for puppet SSL clients
SYNOPSIS
Manage SSL keys and certificates for SSL clients needing to communicate
with a puppet infrastructure.
USAGE
puppet ssl action [-h|--help] [-v|--verbose] [-d|--debug] [--localca]
[--target CERTNAME]
OPTIONS
o --help: Print this help message.
o --verbose: Print extra information.
o --debug: Enable full debugging.
o --localca Also clean the local CA certificate and CRL.
o --target CERTNAME Clean the specified device certificate instead of
this host's certificate.
ACTIONS
bootstrap
Perform all of the steps necessary to request and download a
client certificate. If autosigning is disabled, then puppet will
wait every waitforcert seconds for its certificate to be signed.
To only attempt once and never wait, specify a time of 0. Since
waitforcert is a Puppet setting, it can be specified as a time
interval, such as 30s, 5m, 1h.
submit_request
Generate a certificate signing request (CSR) and submit it to
the CA. If a private and public key pair already exist, they
will be used to generate the CSR. Otherwise a new key pair will
be generated. If a CSR has already been submitted with the given
certname, then the operation will fail.
download_cert
Download a certificate for this host. If the current private key
matches the downloaded certificate, then the certificate will be
saved and used for subsequent requests. If there is already an
existing certificate, it will be overwritten.
verify Verify the private key and certificate are present and match,
verify the certificate is issued by a trusted CA, and check
revocation status.
clean Remove the private key and certificate related files for this
host. If --localca is specified, then also remove this host's
local copy of the CA certificate(s) and CRL bundle. if --target
CERTNAME is specified, then remove the files for the specified
device on this host instead of this host.
show Print the full-text version of this host's certificate.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+--------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+--------------------------+
|Availability | system/management/puppet |
+---------------+--------------------------+
|Stability | Volatile |
+---------------+--------------------------+
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from https://github.com/puppetlabs/puppet.
Further information about this software can be found on the open source
community website at http://puppetlabs.com/.
Puppet, Inc. January 2022 PUPPET-SSL(8)