Hello Puppet users! In the 5.5.5 release of the Puppet Platform, we released a new experimental command line tool for interacting with the Puppet CA.

    puppetserver ca <command>

This tool uses Puppet Server's puppet-ca API to accomplish common CA tasks like signing and revoking certificates, instead of the legacy Ruby code in Puppet. See the Puppet Server 5.3.5 release notes <https://puppet.com/docs/puppetserver/5.3/release_notes.html#new-features> for details on configuring your server to allow access to the relevant API endpoints.

This is a preview for Platform 6, when the tool will replace the existing `puppet cert` command and associated CA-related faces (certificate, ca, certificate_request, and certificate_revocation_list). Although in Puppet 5 all these commands will continue to work, we encourage you to try out the new command and give us feedback!

Since the new tool is packaged as a gem alongside puppetserver, it is possible to download new updates as they are released using:

    /opt/puppetlabs/puppet/bin/gem update puppetserver-ca

In addition to the existing major features of `puppet cert`, the new tool also provides a command for generating a chained CA for Puppet, with a self-signed root cert and an intermediate CA signing cert. It also provides a command for importing an existing root and intermediate cert, for users who wish to have Puppet's CA link back to their existing roots. These tools allow for easy setup of an intermediate CA, but please note that all the current caveats for using an intermediate CA setup in Puppet 5 still apply. For details, see https://puppet.com/docs/puppetserver/5.3/intermediate_ca_configuration.html.

For full intermediate CA support, with no manual file manipulation and full CRL checking, *please try our Puppet 6 nightly builds* (http://nightlies.puppet.com/yum/puppet6-nightly/ or http://nightlies.puppet.com/apt/puppet6-nightly/)! The release of Puppet 6 is scheduled for this fall.

Please tell us what you think, and let us know if you have any questions!

The Server Team