Skip to content
A simple Ruby CLI tool to interact with the Puppet Server's included Certificate Authority
Branch: master
Clone or download
justinstoller (SERVER-2465) Find signing cert and crl based on private key (#49)
(SERVER-2465) Find signing cert and crl based on private key
Latest commit b122a34 Jun 18, 2019

Puppet Server's CA CLI Library

This gem provides the functionality behind the Puppet Server CA interactions. The actual CLI executable lives within the Puppet Server project.


You may install it yourself with:

$ gem install puppetserver-ca


For initial CA setup, we provide two options. These need to be run before starting Puppet Server for the first time.

To set up a default CA, with a self-signed root cert and an intermediate signing cert:

puppetserver ca setup

To import a custom CA:

puppetserver ca import --cert-bundle certs.pem --crl-chain crls.pem --private-key ca_key.pem

The remaining actions provided by this gem require a running Puppet Server, since it primarily uses the CA's API endpoints to do its work. The following examples assume that you are using the gem packaged within Puppet Server.

To sign a pending certificate request:

puppetserver ca sign --certname

To list certificates and CSRs:

puppetserver ca list --all

To revoke a signed certificate:

puppetserver ca revoke --certname

To revoke the cert and clean up all SSL files for a given certname:

puppetserver ca clean --certname

To create a new keypair and certificate for a certname:

puppetserver ca generate --certname

For more details, see the help output:

puppetserver ca --help

This code in this project is licensed under the Apache Software License v2, please see the included License for more details.


After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.

To release a new version, update the version number in version.rb, and then speak with Release Engineering.

Contributing & Support

Bug reports and feature requests are welcome in JIRA at

For interactive questions feel free to post to #puppet or #puppet-dev on Freenode, or the Puppet Community Slack channel.

Contributions are welcome at Contributors should both be sure to read the contributing document and sign the contributor license agreement.

Everyone interacting with the project’s codebase, issue tracker, etc is expected to follow the code of conduct.

You can’t perform that action at this time.