Article written by

3 Responses

  1. Ashish
    Ashish at |

    The script doesn’t work, it gets exited with zero status, but doesn’t help in signing the certs, can you check ?

  2. Ryan
    Ryan at |

    This is nice example __BUT__ has some a major flaw. The CSR content IS NOT passed in as stdin. The CERTNAME is passed in as stdin. This means you have to read the CSR file.
    like this…
    “`
    csr = File.open(/etc/puppetlabs/puppet/ssl/ca/request/#{ARGV[0]}.pem).read
    “`
    Also… your parsing of the extensions is pretty messy and overly complicated.
    I went with this:
    “`
    extensions = {}
    request = OpenSSL::X509::Request.new csr
    csr_attr = request.attributes.first
    extensions = {}
    csr_attr.value.value.first.value.each do |prop|
    extensions[prop.value.first.value] = OpenSSL::ASN1.decode(prop.value.last.value).value
    end
    “`

    1. Ryan
      Ryan at |

      Hmm… formatting got kind of butchered there. Sorry.

Comments are closed.