Hi there, On 2018-08-23 2:35 p.m., Maggie Dreyer wrote: > In the 5.5.5 release of the Puppet Platform, we released a new experimental > command line tool for interacting with the Puppet CA. > > puppetserver ca <command> > > This tool uses Puppet Server's puppet-ca API to accomplish common CA tasks > like signing and revoking certificates, instead of the legacy Ruby code in > Puppet.
I'm curious here since I'm not following the latest releases very closely: was there a necessary change to the command-line user interface or could it have been possible to "change all of the plumbing" without touching the "porcelain on top"? if no interface change was necessary then the whole "puppetserver cert" subcommand could have been replaced with the new code. it would have removed yet another config+interface change necessity for users. > In addition to the existing major features of `puppet cert`, the new tool > also provides a command for generating a chained CA for puppet, with a > self-signed root cert and an intermediate CA signing cert. It also provides > a command for importing an existing root and intermediate cert, for users > who wish to have Puppet's CA link back to their existing roots. hey this is nice. it used to be that advanced management of certificates and CA was reserved to the x509 wizards! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/28df81aa-6375-9647-dbbe-52e104923c0d%40lelutin.ca. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
