https://github.com/smortex/puppet-renew-certificate
Tool to renew Puppet CA and client certificates
- Host: GitHub
- URL: https://github.com/smortex/puppet-renew-certificate
- Owner: smortex
- Created: 2018-01-26T17:13:33.000Z (about 7 years ago)
- Default Branch: main
- Last Pushed: 2024-09-23T15:11:09.000Z (4 months ago)
- Last Synced: 2024-10-19T22:28:43.133Z (4 months ago)
- Topics: hacktoberfest, pki, puppet, ssl, x509
- Language: Ruby
- Homepage:
- Size: 24.4 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# puppet-renew-certificate
Tool to renew Puppet CA and client certificates.
## Usage
Clone the repository and renew CA and client certificates:
```sh-session
user@puppetserver ~ $ git clone https://github.com/smortex/puppet-renew-certificate.git
user@puppetserver ~ $ cd puppet-renew-certificate
user@puppetserver ~/puppet-renew-certificate $ bundle install
user@puppetserver ~/puppet-renew-certificate $ sudo bundle exec exe/puppet-renew-certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem /etc/puppetlabs/puppet/ssl/ca/signed/*.pem
```
After renewal, remove the old certificates from the nodes:
* If you renewed the CA certificate, remove it from each node (an orchestration tool like Choria is helpful). Puppet will download it on the next run. If you are paranoid, copy the updated certificate to each remote node: when no CA certificate is installed, Puppet cannot verify the identity of the remote node and uses a Trust On First Use (TOFU) authentication scheme;
* If you renewed a client certificate, remove that certificate on the node using it. Puppet will download the updated certificate on the next run.
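
One way to close the TOFU gap described above when nodes re-download the CA certificate is to compare what each node received against a fingerprint recorded on the server. This is an added example, not part of puppet-renew-certificate; `fingerprint`, `check_node_ca` and `sample_ca` are hypothetical helpers, the certificates are constructed in memory, and the expected fingerprint is assumed to be taken from `/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem` on the server and carried to the node over a trusted channel.

```ruby
require "openssl"

# SHA-256 fingerprint of a PEM certificate, formatted like the output of
# `openssl x509 -noout -fingerprint -sha256` (colon-separated hex).
def fingerprint(pem)
  der = OpenSSL::X509::Certificate.new(pem).to_der
  OpenSSL::Digest.new("SHA256").hexdigest(der).upcase.scan(/../).join(":")
end

# Problems with the CA certificate a node ended up with after renewal.
# expected_fp is recorded on the Puppet server (assumption: trusted channel).
def check_node_ca(node_ca_pem, expected_fp, now: Time.now, min_days: 30)
  cert = OpenSSL::X509::Certificate.new(node_ca_pem)
  problems = []
  problems << "fingerprint mismatch" unless fingerprint(node_ca_pem) == expected_fp
  problems << "not yet valid" if cert.not_before > now
  problems << "expires within #{min_days} days" if cert.not_after < now + min_days * 86_400
  problems
end

# Constructed sample data: a throwaway self-signed CA, not a real Puppet CA.
def sample_ca(not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Puppet CA")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

renewed  = sample_ca(Time.now + 5 * 365 * 86_400) # what the server now serves
impostor = sample_ca(Time.now + 5 * 365 * 86_400) # same subject, different key
expected = fingerprint(renewed)                   # recorded on the server

puts "renewed CA on node:  #{check_node_ca(renewed, expected).inspect}"
puts "impostor CA on node: #{check_node_ca(impostor, expected).inspect}"
```

A certificate with the same subject name but a different key fails the fingerprint comparison, which is exactly the case a first-use download cannot detect.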