Hi,
On the master,
puppet cert print <certname>
Look for the lines :
Validity
Not Before: May 10 10:23:49 2013 GMT
Not After : May 10 10:23:49 2018 GMT
On 01/09/2014 04:57 PM, Stephan wrote:
If this is only on the puppet master then I would do that outside
puppet, maybe with a weekly cronjob, which moves or deletes expired
certificates.
On linux with GNU date put this into a for loop going through all certs:
now=$(date +%s)
cert=$(date --date="$(openssl x509 -enddate -noout -in your.crt | sed
-e 's/notAfter=//')" +%s)
if [ $now -ge $cert ]; then
echo "do your cleanup tasks here"
fi
Once the directory is acceptable you can put it on your clients with a
file resource and recurse => true.
If you use version control with svn or git etc. for your puppet code
you might want to keep this outside, with /etc/puppet/fileserver.conf
On Thursday, January 9, 2014 3:22:31 PM UTC, Paolo Brocchi wrote:
Hi Stephan,
thanks for the quick answer.
I try to explain better.
For example:
I have a pem certificate on puppet master path
/puppet/files/xxx.pem this certificate i would copy in many agent
puppet under /etc/. Before to copy it i would to check if
certificate is not expired.
How can i do?
Thanks again
Paolo
Il giorno giovedì 9 gennaio 2014 13:23:44 UTC+1, Paolo Brocchi ha
scritto:
Hi all,
i would like to replace pem certificate to agent servers.
Before to replace it i would do some checks like : certificate
expired date, right CN, right private key.
Can anyone help me?
Regards
Paolo
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/905474da-28c1-4d1c-bb11-c8be50ffb385%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Johan De Wit
Open Source Consultant
Red Hat Certified Engineer (805008667232363)
Puppet Certified Professional 2013 (PCP0000006)
_________________________________________________________
Open-Future Phone +32 (0)2/255 70 70
Zavelstraat 72 Fax +32 (0)2/255 70 71
3071 KORTENBERG Mobile +32 (0)474/42 40 73
BELGIUM http://www.open-future.be
_________________________________________________________
Next Events:
Puppet Fundamentals Training |
http://www.open-future.be/puppet-fundamentals-training-4-till-6th-february
Puppet Intruction Course |
http://www.open-future.be/puppet-introduction-course-7th-february
Zabbix Certified Training |
http://www.open-future.be/zabbix-certified-training-10-till-12th-february
Zabbix for Large Environments Training |
http://www.open-future.be/zabbix-large-environments-training-13-till-14th-february
Subscribe to our newsletter | http://eepurl.com/BUG8H
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52CF9DFA.7040507%40open-future.be.
For more options, visit https://groups.google.com/groups/opt_out.
