Skip to content

ehelms/puppet-openssl

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

194 Commits

lib/puppet

lib/puppet

 
 

manifests

manifests

 
 

spec

spec

 
 

templates

templates

 
 

tests

tests

 
 

.fixtures.yml

.fixtures.yml

 
 

.gitignore

.gitignore

 
 

.puppet-lint.rc

.puppet-lint.rc

 
 

.sync.yml

.sync.yml

 
 

.travis.yml

.travis.yml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

Gemfile

Gemfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

metadata.json

metadata.json

 
 

Repository files navigation

OpenSSL Puppet Module

Puppet Forge Build Status

This module manages OpenSSL.

Types and providers

This module provides three types and associated providers to manage SSL keys and certificates.

In every case, not providing the password (or setting it to undef, which is the default) means that the private key won't be encrypted with any symmetric cipher so it is completely unprotected.

ssl_pkey

This type allows to generate SSL private keys.

Simple usage:

ssl_pkey { '/path/to/private.key': }

Advanced options:

ssl_pkey { '/path/to/private.key':
  ensure   => 'present',
  password => 'j(D$',
}

x509_cert

This type allows to generate SSL certificates from a private key. You need to deploy a template file (templates/cert.cnf.erb is an example).

Simple usage:

x509_cert { '/path/to/certificate.crt': }

Advanced options:

x509_cert { '/path/to/certificate.crt':
  ensure      => 'present',
  password    => 'j(D$',
  template    => '/other/path/to/template.cnf',
  private_key => '/there/is/my/private.key',
  days        => 4536,
  force       => false,
}

x509_request

This type allows to generate SSL certificate signing requests from a private key. You need to deploy a template file (templates/cert.cnf.erb is an example).

Simple usage:

x509_request { '/path/to/request.csr': }

Advanced options:

x509_request { '/path/to/request.csr':
  ensure      => 'present',
  password    => 'j(D$',
  template    => '/other/path/to/template.cnf',
  private_key => '/there/is/my/private.key',
  force       => false,
}

Definitions

openssl::certificate::x509

This definition is a wrapper around the ssl_pkey, x509_cert and x509_request types. It generates a certificate template, then generates the private key, certificate and certificate signing request and sets the owner of the files.

Simple usage:

openssl::certificate::x509 { 'foo':
  country      => 'CH',
  organization => 'Example.com',
  commonname   => $fqdn,
}

Advanced options:

openssl::certificate::x509 { 'foo':
  ensure       => present,
  country      => 'CH',
  organization => 'Example.com',
  commonname   => $fqdn,
  state        => 'Here',
  locality     => 'Myplace',
  unit         => 'MyUnit',
  altnames     => ['a.com', 'b.com', 'c.com'],
  email        => 'contact@foo.com',
  days         => 3456,
  base_dir     => '/var/www/ssl',
  owner        => 'www-data',
  group        => 'www-data',
  password     => 'j(D$',
  force        => false,
  cnf_tpl      => 'my_module/cert.cnf.erb'
}

openssl::export::pkcs12

This definition generates a pkcs12 file:

openssl::export::pkcs12 { 'foo':
  ensure   => 'present',
  basedir  => '/path/to/dir',
  pkey     => '/here/is/my/private.key',
  cert     => '/there/is/the/cert.crt',
  in_pass  => 'my_pkey_password',
  out_pass => 'my_pkcs12_password',
}

Contributing

Please report bugs and feature request using GitHub issue tracker.

For pull requests, it is very much appreciated to check your Puppet manifest with puppet-lint to follow the recommended Puppet style guidelines from the Puppet Labs style guide.

About

Puppet OpenSSL module

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

13 tags

Packages

No packages published

Languages

  • Ruby 84.3%
  • Puppet 15.7%