oracular (8) puppet-ssl.8.gz

Provided by: puppet-agent_8.4.0-1ubuntu1_all bug

NAME
       puppet-ssl - Manage SSL keys and certificates for puppet SSL clients


SYNOPSIS
       Manage SSL keys and certificates for SSL clients needing to communicate with a puppet infrastructure.


USAGE
       puppet ssl action [-h|--help] [-v|--verbose] [-d|--debug] [--localca] [--target CERTNAME]


OPTIONS
       •   --help: Print this help message.

       •   --verbose: Print extra information.

       •   --debug: Enable full debugging.

       •   --localca Also clean the local CA certificate and CRL.

       •   --target CERTNAME Clean the specified device certificate instead of this host´s certificate.


ACTIONS
       bootstrap
              Perform all of the steps necessary to request and download a client certificate. If autosigning is
              disabled, then puppet will wait every waitforcert seconds for its certificate  to  be  signed.  To
              only  attempt  once and never wait, specify a time of 0. Since waitforcert is a Puppet setting, it
              can be specified as a time interval, such as 30s, 5m, 1h.

       submit_request
              Generate a certificate signing request (CSR) and submit it to the CA. If a private and public  key
              pair  already  exist,  they  will  be  used  to generate the CSR. Otherwise a new key pair will be
              generated. If a CSR has already been submitted with the given certname, then  the  operation  will
              fail.

       generate_request
              Generate a certificate signing request (CSR). If a private and public key pair already exist, they
              will be used to generate the CSR. Otherwise a new key pair will be generated.

       download_cert
              Download a certificate  for  this  host.  If  the  current  private  key  matches  the  downloaded
              certificate,  then  the  certificate  will  be saved and used for subsequent requests. If there is
              already an existing certificate, it will be overwritten.

       verify Verify the private key and certificate are present and match, verify the certificate is issued  by
              a trusted CA, and check revocation status.

       clean  Remove  the  private  key  and certificate related files for this host. If --localca is specified,
              then also remove this host´s local copy of the CA  certificate(s)  and  CRL  bundle.  if  --target
              CERTNAME is specified, then remove the files for the specified device on this host instead of this
              host.

       show   Print the full-text version of this host´s certificate.