Provided by: puppet-common_2.7.11-1ubuntu2_all bug

NAME

       puppet-certificate - Provide access to the CA for certificate management.

SYNOPSIS

       puppet certificate action [--terminus TERMINUS] [--ca-location LOCATION]

DESCRIPTION

       This  subcommand interacts with a local or remote Puppet certificate authority. Currently,
       its behavior is not a full superset of puppet cert; specifically, it is  unable  to  mimic
       puppet cert´s "clean" option, and its "generate" action submits a CSR rather than creating
       a signed certificate.

OPTIONS

       Note that any configuration parameter that´s valid in the configuration  file  is  also  a
       valid  long  argument,  although  it may or may not be relevant to the present action. For
       example,  server  is  a  valid  configuration  parameter,  so  you  can  specify  --server
       <servername> as an argument.

       See           the           configuration          file          documentation          at
       http://docs.puppetlabs.com/references/stable/configuration.html  for  the  full  list   of
       acceptable parameters. A commented list of all configuration options can also be generated
       by running puppet with --genconfig.

       --mode MODE
              The run mode to use for the current  action.  Valid  modes  are  user,  agent,  and
              master.

       --render-as FORMAT
              The format in which to render output. The most common formats are json, s (string),
              yaml, and console, but other options such as dot are sometimes available.

       --verbose
              Whether to log verbosely.

       --debug
              Whether to log debug information.

       --ca-location LOCATION
              Whether to act on the local certificate authority  or  one  provided  by  a  remote
              puppet master. Allowed values are ´local´ and ´remote.´

              This option is required.

       --terminus TERMINUS
              Indirector  faces expose indirected subsystems of Puppet. These subsystems are each
              able to retrieve and alter a specific type of data (with the  familiar  actions  of
              find, search, save, and destroy) from an arbitrary number of pluggable backends. In
              Puppet parlance, these backends are called terminuses.

              Almost all indirected subsystems have a  rest  terminus  that  interacts  with  the
              puppet  master´s  data.  Most  of them have additional terminuses for various local
              data models, which are in turn used by  the  indirected  subsystem  on  the  puppet
              master whenever it receives a remote request.

              The  terminus  for an action is often determined by context, but occasionally needs
              to be set explicitly. See the "Notes" section  of  this  face´s  manpage  for  more
              details.

ACTIONS

       destroy - Delete a certificate.
              SYNOPSIS

              puppet certificate destroy [--terminus TERMINUS] [--ca-location LOCATION] host

              DESCRIPTION

              Deletes a certificate. This action currently only works on the local CA.

              RETURNS

              Nothing.

       find - Retrieve a certificate.
              SYNOPSIS

              puppet certificate find [--terminus TERMINUS] [--ca-location LOCATION] host

              DESCRIPTION

              Retrieve a certificate.

              RETURNS

              An  x509  SSL  certificate.  You  will  usually  want  to  render  this as a string
              (--render-as s).

              Note that this action has a side effect of caching a copy  of  the  certificate  in
              Puppet´s ssldir.

       generate - Generate a new certificate signing request.
              SYNOPSIS

              puppet certificate generate [--terminus TERMINUS] [--ca-location LOCATION] host

              DESCRIPTION

              Generates  and  submits a certificate signing request (CSR) for the specified host.
              This CSR will then have to be signed by a user with the proper authorization on the
              certificate authority.

              Puppet agent usually handles CSR submission automatically. This action is primarily
              useful for requesting certificates for individual users and external applications.

              RETURNS

              Nothing.

       info - Print the default terminus class for this face.
              SYNOPSIS

              puppet certificate info [--terminus TERMINUS] [--ca-location LOCATION]

              DESCRIPTION

              Prints the default terminus class for this  subcommand.  Note  that  different  run
              modes  may have different default termini; when in doubt, specify the run mode with
              the ´--mode´ option.

       list - List all certificate signing requests.
              SYNOPSIS

              puppet certificate list [--terminus TERMINUS] [--ca-location LOCATION]

              DESCRIPTION

              List all certificate signing requests.

              RETURNS

              An array of #inspect output from CSR objects. This output is currently  messy,  but
              does  contain  the  names  of  nodes  requesting  certificates. This action returns
              #inspect strings even when used from the Ruby API.

       save - Invalid for this subcommand.
              SYNOPSIS

              puppet certificate save [--terminus TERMINUS] [--ca-location LOCATION]

              DESCRIPTION

              Invalid for this subcommand.

       search - Invalid for this subcommand.
              SYNOPSIS

              puppet certificate search [--terminus TERMINUS] [--ca-location LOCATION] query

              DESCRIPTION

              Invalid for this subcommand.

       sign - Sign a certificate signing request for HOST.
              SYNOPSIS

              puppet certificate sign [--terminus TERMINUS] [--ca-location LOCATION] host

              DESCRIPTION

              Sign a certificate signing request for HOST.

              RETURNS

              A string that appears to be (but isn´t) an x509 certificate.

EXAMPLES

       generate

       Request a certificate for "somenode" from the site´s CA:

       $ puppet certificate generate somenode.puppetlabs.lan --ca-location remote

       sign

       Sign somenode.puppetlabs.lan´s certificate:

       $ puppet certificate sign somenode.puppetlabs.lan --ca-location remote

NOTES

       This subcommand is an indirector face, which  exposes  find,  search,  save,  and  destroy
       actions for an indirected subsystem of Puppet. Valid termini for this face include:

       ·   ca

       ·   file

       ·   rest

COPYRIGHT AND LICENSE

       Copyright 2011 by Puppet Labs Apache 2 license; see COPYING