puppet-ssl(8)

1PUPPET-SSL(8)                    Puppet manual                   PUPPET-SSL(8)
2
3
4

NAME

6       puppet-ssl - Manage SSL keys and certificates for puppet SSL clients
7

SYNOPSIS

9       Manage SSL keys and certificates for SSL clients needing to communicate
10       with a puppet infrastructure.
11

USAGE

13       puppet ssl action [-h|--help] [-v|--verbose]  [-d|--debug]  [--localca]
14       [--target CERTNAME]
15

OPTIONS

17       •   --help: Print this help message.
18
19       •   --verbose: Print extra information.
20
21       •   --debug: Enable full debugging.
22
23       •   --localca Also clean the local CA certificate and CRL.
24
25       •   --target CERTNAME Clean the specified device certificate instead of
26           this host´s certificate.
27
28
29

ACTIONS

31       bootstrap
32              Perform all of the steps necessary to  request  and  download  a
33              client certificate. If autosigning is disabled, then puppet will
34              wait every waitforcert seconds for its certificate to be signed.
35              To  only attempt once and never wait, specify a time of 0. Since
36              waitforcert is a Puppet setting, it can be specified as  a  time
37              interval, such as 30s, 5m, 1h.
38
39       submit_request
40              Generate  a  certificate  signing request (CSR) and submit it to
41              the CA. If a private and public key  pair  already  exist,  they
42              will  be used to generate the CSR. Otherwise a new key pair will
43              be generated. If a CSR has already been submitted with the given
44              certname, then the operation will fail.
45
46       generate_request
47              Generate  a  certificate signing request (CSR). If a private and
48              public key pair already exist, they will be used to generate the
49              CSR. Otherwise a new key pair will be generated.
50
51       download_cert
52              Download a certificate for this host. If the current private key
53              matches the downloaded certificate, then the certificate will be
54              saved  and  used for subsequent requests. If there is already an
55              existing certificate, it will be overwritten.
56
57       verify Verify the private key and certificate are  present  and  match,
58              verify  the certificate is issued by a trusted CA, and check re‐
59              vocation status.
60
61       clean  Remove the private key and certificate related  files  for  this
62              host.  If  --localca  is specified, then also remove this host´s
63              local copy of the CA certificate(s) and CRL bundle. if  --target
64              CERTNAME  is  specified, then remove the files for the specified
65              device on this host instead of this host.
66
67       show   Print the full-text version of this host´s certificate.
68
69
70
71
72Puppet, Inc.                     October 2023                    PUPPET-SSL(8)