External NSS based CA & puppetserver


Bart-Jan Vrielink

Aug 7, 2018, 7:41:45 PM
to puppet...@googlegroups.com

Hello,


I'm currently trying to upgrade a Puppet 3.8 site to something newer (eventually 5.5). The current setup uses Passenger with Apache and mod_nss.

The reason mod_nss is used is that it uses the /etc/httpd/alias NSS database that Red Hat IPA uses. In there, certificates for each host are tracked.


Moving forward, I see 3 scenarios, but have no clue yet if any of them will work:

- Figure out how/if puppetserver (Jetty) supports NSS-based certificates

- Continue to use the deprecated Rack/Passenger setup

- (Deep) Dive into the (undocumented) scripts that are responsible for populating the NSS certificate database and also have it generate .pem files.


Will either of the first 2 options work? Or are OpenSSL certificates the only external certificates that work with Puppet 4.x/5.x?


Regards,

Bart-Jan Vrielink
