diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,15 +18,12 @@ jobs:
         id: gv
         run: |
           echo "ver=$(jq --raw-output .version metadata.json)" >> $GITHUB_OUTPUT
-      - name: Create Release
-        uses: actions/create-release@v1
+      - name: Create release
         id: create_release
+        run: |
+          gh release create v${{ steps.gv.outputs.ver }} --title v${{ steps.gv.outputs.ver }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: "v${{ steps.gv.outputs.ver }}"
-          draft: false
-          prerelease: false
 
   deploy-forge:
     name: Deploy to Forge

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.5.0](https://github.com/puppetlabs/ca_extend/tree/v3.5.0) (2023-10-03)
+
+[Full Changelog](https://github.com/puppetlabs/ca_extend/compare/v3.4.0...v3.5.0)
+
+### Added
+
+- \(SUP-3564\) Support more types of infra nodes [\#89](https://github.com/puppetlabs/ca_extend/pull/89) ([m0dular](https://github.com/m0dular))
+
 ## [v3.4.0](https://github.com/puppetlabs/ca_extend/tree/v3.4.0) (2023-07-19)
 
 [Full Changelog](https://github.com/puppetlabs/ca_extend/compare/v3.3.1...v3.4.0)

diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ If the CA certificate is stored in any keystores, those will also need to be upd
 The functionality of this module is composed into two Plans:
 
 *  `ca_extend::extend_ca_cert`
-    * Extend the CA certificate and configure the primary Puppet server and any Compilers to use that extended certificate.
+    * Extend the CA certificate and configure the primary Puppet server, Replica, Compilers, and Postgres nodes to use that extended certificate.
 *  `ca_extend::upload_ca_cert`
     * Distribute the CA certificate to agents using transport supported by Puppet Bolt, such as `ssh` and `winrm`.
 
@@ -158,7 +158,7 @@ If, and only if, the `notAfter` date printed has already passed, then the primar
 > Note: This plan will also run the `ca_extend::check_crl_cert` task and if the crl is expired, will automatically resolve the issue by running the `ca_extend::crl_truncate` task.
 
 ```bash
-bolt plan run ca_extend::extend_ca_cert regen_primary_cert=true --targets <primary_fqdn> compilers=<comma_separated_compiler_fqdns> --run-as root
+bolt plan run ca_extend::extend_ca_cert regen_primary_cert=true --targets <primary_fqdn> replica=<replica_fqdn> compilers=<comma_separated_compiler_fqdns> --run-as root
 ```
 
 Note that if you are running `extend_ca_cert` locally on the primary Puppet server, you can avoid potential Bolt transport issues by specifying `--targets local://hostname`, e.g.

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -148,6 +148,8 @@ The following parameters are available in the `ca_extend::extend_ca_cert` plan:
 
 * [`targets`](#-ca_extend--extend_ca_cert--targets)
 * [`compilers`](#-ca_extend--extend_ca_cert--compilers)
+* [`replica`](#-ca_extend--extend_ca_cert--replica)
+* [`psql_nodes`](#-ca_extend--extend_ca_cert--psql_nodes)
 * [`ssldir`](#-ca_extend--extend_ca_cert--ssldir)
 * [`regen_primary_cert`](#-ca_extend--extend_ca_cert--regen_primary_cert)
 
@@ -161,7 +163,23 @@ The target node on which to run the plan.  Should be the primary Puppet server
 
 Data type: `Optional[TargetSpec]`
 
-Optional comma separated list of compilers to upload the certificate to
+Optional comma separated list of compilers to configure to use the extended CA
+
+Default value: `undef`
+
+##### <a name="-ca_extend--extend_ca_cert--replica"></a>`replica`
+
+Data type: `Optional[TargetSpec]`
+
+Optional replica to configure to use the extended CA
+
+Default value: `undef`
+
+##### <a name="-ca_extend--extend_ca_cert--psql_nodes"></a>`psql_nodes`
+
+Data type: `Optional[TargetSpec]`
+
+Optional comma separated list of psql nodes to configure to use the extended CA
 
 Default value: `undef`
 

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-ca_extend",
-  "version": "3.4.0",
+  "version": "3.5.0",
   "author": "Adrian Parreiras Horta",
   "summary": "A set of Bolt Plans and Tasks to extend the CA cert in Puppet Enterprise",
   "license": "GPL-2.0-only",

diff --git a/plans/extend_ca_cert.pp b/plans/extend_ca_cert.pp
@@ -2,7 +2,9 @@
 #   Plan that extends the Puppet CA certificate and configures the primary Puppet server
 #   and Compilers to use the extended certificate.
 # @param targets The target node on which to run the plan.  Should be the primary Puppet server
-# @param compilers Optional comma separated list of compilers to upload the certificate to
+# @param compilers Optional comma separated list of compilers to configure to use the extended CA
+# @param replica Optional replica to configure to use the extended CA
+# @param psql_nodes Optional comma separated list of psql nodes to configure to use the extended CA
 # @param ssldir Location of the ssldir on disk
 # @param regen_primary_cert Whether to also regenerate the agent certificate of the primary Puppet server
 # @example Extend the CA cert and regenerate the primary agent cert locally on the primary Puppet server
@@ -12,6 +14,8 @@
 plan ca_extend::extend_ca_cert(
   TargetSpec $targets,
   Optional[TargetSpec] $compilers = undef,
+  Optional[TargetSpec] $replica = undef,
+  Optional[TargetSpec] $psql_nodes = undef,
   $ssldir                               = '/etc/puppetlabs/puppet/ssl',
   $regen_primary_cert                   = false,
 ) {
@@ -20,11 +24,22 @@
 
   if $primary_facts['pe_build'] {
     $is_pe = true
-    $services = ['puppet', 'pe-puppetserver', 'pe-postgresql']
+
+    $primary_services = [
+      'puppet',
+      'pe-puppetserver',
+      'pe-postgresql',
+      'pe-puppetdb',
+      'pe-ace-server',
+      'pe-bolt-server',
+      'pe-console-services',
+      'pe-orchestration-services',
+    ]
+    $replica_services = ['pe-puppetserver', 'pe-postgresql', 'pe-puppetdb', 'pe-console-services']
   }
   elsif $primary_facts['puppetversion'] {
     $is_pe = false
-    $services = ['puppet', 'puppetserver']
+    $primary_services = ['puppet', 'puppetserver']
   }
   else {
     fail_plan("Puppet not detected on ${targets}")
@@ -49,7 +64,7 @@
   }
 
   out::message("INFO: Stopping Puppet services on ${targets}")
-  $services.each |$service| {
+  $primary_services.each |$service| {
     run_task('service::linux', $targets, 'action' => 'stop', 'name' => $service)
   }
 
@@ -75,18 +90,85 @@
   $tmp_file = $tmp.first.value['stdout'].chomp
   file::write($tmp_file, $cert_contents)
 
+  run_command('/opt/puppetlabs/bin/puppet agent --no-daemonize --no-noop --onetime', $targets)
+
+  if $is_pe and $replica {
+    out::message("INFO: Stopping Puppet services on ${replica}")
+    # Stop and start the puppet service manually on replicas
+    run_task('service::linux', $replica, 'action' => 'stop', 'name' => 'puppet')
+
+    $replica_services.each |$service| {
+      run_task('service::linux', $replica, 'action' => 'stop', 'name' => $service)
+    }
+
+    out::message("INFO: Configuring the replica (${replica}) to use the extended CA certificate")
+    upload_file($tmp_file, '/etc/puppetlabs/puppet/ssl/certs/ca.pem', $replica)
+
+    # Run the agent to restart the appropriate services
+    out::message("INFO: running Puppet agent on ${replica}")
+    run_command('/opt/puppetlabs/bin/puppet agent --no-daemonize --no-noop --onetime', $replica)
+
+    # Re-enable the Puppet service
+    run_task('service::linux', $compilers, 'action' => 'start', 'name' => 'puppet')
+  }
+
   if $compilers {
     out::message("INFO: Stopping Puppet services on compilers (${compilers})")
     run_task('service::linux', $compilers, 'action' => 'stop', 'name' => 'puppet')
 
     out::message("INFO: Configuring compilers (${compilers}) to use the extended CA certificate")
     upload_file($tmp_file, '/etc/puppetlabs/puppet/ssl/certs/ca.pem', $compilers)
 
-    # Just running Puppet with the new CA certificate in place should be enough.
+    if $is_pe {
+      # Use the service::linux task to check if PDB is running on compilers and restart it if so
+      $pdb_compilers = run_task('service::linux', $compilers, 'action' => 'status', 'name' => 'pe-puppetdb').filter_set |$compiler| {
+      $compiler['enabled'] !~ /^Failed to get unit file state/ }.map |$result| {
+        $result.target
+      }
+      $legacy_compilers = get_targets($compilers) - $pdb_compilers
+
+      unless $pdb_compilers.empty {
+        out::message('INFO: stopping services on PDB compilers')
+        ['pe-puppetserver', 'pe-puppetdb'].each |$service| {
+          run_task('service::linux', $pdb_compilers, 'action' => 'stop', 'name' => $service)
+        }
+      }
+
+      unless $legacy_compilers.empty {
+        out::message('INFO: stopping services on legacy compilers')
+        run_task('service::linux', $legacy_compilers, 'action' => 'stop', 'name' => 'pe-puppetserver')
+      }
+    }
+    else {
+      out::message('INFO: stopping services on compilers')
+      run_task('service::linux', $compilers, 'action' => 'stop', 'name' => 'pe-puppetserver')
+    }
+
+    # Run the agent to restart the appropriate services
+    out::message("INFO: running Puppet agent on ${compilers}")
     run_command('/opt/puppetlabs/bin/puppet agent --no-daemonize --no-noop --onetime', $compilers)
+
+    # Re-enable the Puppet service
     run_task('service::linux', $compilers, 'action' => 'start', 'name' => 'puppet')
   }
 
+  if $psql_nodes {
+    out::message("INFO: Stopping Puppet services on psql nodes (${psql_nodes})")
+    ['puppet', 'pe-postgresql'].each |$service| {
+      run_task('service::linux', $psql_nodes, 'action' => 'stop', 'name' => $service)
+    }
+
+    out::message("INFO: Configuring psql nodes (${psql_nodes}) to use the extended CA certificate")
+    upload_file($tmp_file, '/etc/puppetlabs/puppet/ssl/certs/ca.pem', $psql_nodes)
+
+    # Run the agent to restart the appropriate services
+    out::message("INFO: running Puppet agent on ${psql_nodes}")
+    run_command('/opt/puppetlabs/bin/puppet agent --no-daemonize --no-noop --onetime', $psql_nodes)
+
+    # Re-enable the Puppet service
+    run_task('service::linux', $psql_nodes, 'action' => 'start', 'name' => 'puppet')
+  }
+
   out::message("INFO: Extended CA certificate decoded and stored at ${tmp_file}")
   out::message("INFO: Run the 'ca_extend::upload_ca_cert' plan to distribute the extended CA certificate to agents")
 }
diff --git a/plans/upload_ca_cert.pp b/plans/upload_ca_cert.pp
@@ -2,7 +2,8 @@
 #   A plan to upload a given CA certificate to a number of Puppet agent nodes
 # @param nodes The targets to upload the certificate to
 # @param cert The location of the CA certificate on disk of the local machine
-# @return JSON object with two keys: success and failure. Each key contains any number of objects consisting of the agent certname and the output of the upload_file command
+# @return JSON object with two keys: success and failure.
+#   Each key contains any number of objects consisting of the agent certname and the output of the upload_file command
 plan ca_extend::upload_ca_cert(
   TargetSpec $nodes,
   String     $cert

diff --git a/spec/fixtures/matrix/latest.json b/spec/fixtures/matrix/latest.json
@@ -1 +1 @@
-{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"Ubuntu-2004","provider":"provision::provision_service","image":"ubuntu-2004-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"},{"label":"Sles-15","provider":"provision::provision_service","image":"sles-15"}]}
+{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-2004","provider":"provision::provision_service","image":"ubuntu-2004-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"},{"label":"Sles-15","provider":"provision::provision_service","image":"sles-15"}]}
diff --git a/spec/fixtures/matrix/lts.json b/spec/fixtures/matrix/lts.json
@@ -1 +1 @@
-{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"Ubuntu-2004","provider":"provision::provision_service","image":"ubuntu-2004-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"Sles-15","provider":"provision::provision_service","image":"sles-15"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"}]}
+{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"RedHat-9","provider":"provision::provision_service","image":"rhel-9"},{"label":"Ubuntu-2004","provider":"provision::provision_service","image":"ubuntu-2004-lts"},{"label":"Ubuntu-2204","provider":"provision::provision_service","image":"ubuntu-2204-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"},{"label":"Sles-15","provider":"provision::provision_service","image":"sles-15"}, {"label":"Rocky-Linux-9" ,"provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-9" }, {"label" : "Alma-Linux-9", "provider":"provision::provision_service","image": "almalinux-cloud/almalinux-9" }]}