This module is used to manage Private Key Infrastructure (PKI) Transport Layer Security (TLS) files. Typically these are Secure Socket Layer (SSL) X.509 private keys and certificates.
The module supports installing intermediate certificates as well as optionally joining keys and certificates into single files.
tlsfiles: Manage key and certificatetlsfiles::dehydrated: Manage key and certificate from Dehydrated.
$crtpath = '/etc/pki/tls/certs'$keypath = '/etc/pki/tls/private'$crtmode = '0644'$keymode = '0600'$owner = 'root'$group = 'root'$intcert = false$intjoin = false$pem = false$srcdir = 'tlsfiles'$crtdir = 'crt'$keydir = 'key'crtname = "${title}.crt"keyname = "${title}.key"
To install keys and certificates present under :
mymodulename/templates/tlsfiles/crt/www.example.com.crtmymodulename/templates/tlsfiles/key/www.example.com.keymymodulename/templates/tlsfiles/crt/IntermediateCA.crt
In site.pp to centralize all of your files :
Tlsfiles { srcdir => 'mymodulename/tlsfiles' }Install key and certificate files to the default locations :
tlsfiles { 'www.example.com': }Install a PEM file containing key and certificate to a custom location (it will
be called www.example.com.pem) :
tlsfiles { 'www.example.com':
keypath => '/etc/foo',
pem => true,
}The same as the above, but including the intermediate CA certificate :
tlsfiles { 'www.example.com':
keypath => '/etc/foo',
intcert => 'IntermediateCA',
pem => true,
}The similar tlsfiles::dehydrated definition is better when using source files
generated by Dehydrated.
Just make sure your mymodule/templates/certs/ directory is where Dehydrated
manages its certificates (a symlink will do), and use something like:
tlsfiles::dehydrated { 'wildcard.example.com':
srcdir => 'mymodule/certs',
}