Article written by

skills { ['puppet', 'automation', 'devops', 'continuousintegration'] : ensure => latest, }

3 Responses

  1. Ashish
    Ashish at |

    The script doesn’t work, it gets exited with zero status, but doesn’t help in signing the certs, can you check ?

  2. Ryan
    Ryan at |

    This is nice example __BUT__ has some a major flaw. The CSR content IS NOT passed in as stdin. The CERTNAME is passed in as stdin. This means you have to read the CSR file.
    like this…

    csr = File.open(/etc/puppetlabs/puppet/ssl/ca/request/#{ARGV[0]}.pem).read

    Also… your parsing of the extensions is pretty messy and overly complicated.
    I went with this:

    extensions = {}
    request = OpenSSL::X509::Request.new csr
    csr_attr = request.attributes.first
    extensions = {}
    csr_attr.value.value.first.value.each do |prop|
    extensions[prop.value.first.value] = OpenSSL::ASN1.decode(prop.value.last.value).value
    end

    1. Ryan
      Ryan at |

      Hmm… formatting got kind of butchered there. Sorry.

Comments are closed.