Config Files: autosign.conf

The autosign.conf file can allow certain certificate requests to be automatically signed. It is only valid on the CA puppet master server; a puppet master that is not serving as a CA will not consult autosign.conf.

More About Autosigning

Puppet also provides a policy-based interface for autosigning, which can be more flexible and secure. The autosign.conf file is the simpler and less secure method.

For more details, see the reference page about certificate autosigning.


The autosign.conf file is located at $confdir/autosign.conf by default. Its location is configurable with the autosign setting.

The location of the confdir varies; it depends on the OS, Puppet distribution, and user account. See the confdir documentation for details.


The autosign.conf file is a list of certnames or domain name globs (one per line). Each line represents a node name or group of node names whose certificate requests should be automatically signed when the CA puppet master receives them.

Note that domain name globs do not function as normal globs: an asterisk can only represent one or more subdomains at the front of a certname that resembles a fully-qualified domain name. (That is, if your certnames don't look like FQDNs, you can't use autosign.conf to full effect.)

Note: Since any host can request any certname, autosigning with autosign.conf is essentially insecure. See the reference page about certificate autosigning for more context.
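To review what an existing autosign.conf would let through, the following added example (not part of the Puppet documentation or code base) applies the glob rule as worded above to a list of requested certnames. It is not Puppet's own matcher: the function names, the handling of `#` lines and misplaced asterisks, and the sample data are assumptions made for illustration.

```python
def parse_autosign(text):
    """Return the entries of an autosign.conf: one certname or domain glob per line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption of this sketch: blank lines and '#' lines carry no entry.
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def is_supported(entry):
    """A plain certname, or a glob whose only asterisk is the leading '*.' label."""
    return "*" not in entry or (entry.startswith("*.") and "*" not in entry[1:])


def entry_matches(entry, certname):
    """Apply the glob rule as worded above to one entry."""
    if not is_supported(entry):
        return False  # assumption: a misplaced asterisk matches nothing here
    if "*" not in entry:
        return entry == certname  # plain certname: exact match only
    suffix = entry[1:]  # "*.lab.example.com" -> ".lab.example.com"
    if not certname.endswith(suffix):
        return False
    front = certname[: -len(suffix)]  # the part the asterisk stands for
    return all(front.split("."))  # one or more non-empty subdomain labels


def autosigned(conf_text, certnames):
    """Map each requested certname to the first entry that would sign it, else None."""
    entries = parse_autosign(conf_text)
    return {
        name: next((e for e in entries if entry_matches(e, name)), None)
        for name in certnames
    }


# Constructed sample data (not from any real deployment).
SAMPLE_CONF = "rebuilt.example.com\n*.lab.example.com\nweb*.example.com\n"
SAMPLE_REQUESTS = [
    "rebuilt.example.com", "ci-42.lab.example.com", "a.b.lab.example.com",
    "web01.example.com", "db01.example.com", "ci.lab.example.com.other.test",
]

if __name__ == "__main__":
    for name, entry in autosigned(SAMPLE_CONF, SAMPLE_REQUESTS).items():
        print(f"{name:32} {'AUTOSIGN via ' + entry if entry else 'manual review'}")
```

Every certname reported as auto-signed is one that any requesting host could claim, so each glob line should cover only names you are prepared to sign without review.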
