Feature #14882

open

Puppet CA signing should support --allow-dns-alt-names

Added by Robert Heinzmann about 8 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
PuppetCA
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

When adding additional DNS names to the Puppet certificates, the signing needs extra parameters.

Foreman smart proxy should support "--allow-dns-alt-names" as an option in foreman.yaml.

Puppet config:

[agent]
dns_alt_names = webhook.server.example.com

[root@SERVER]# puppet cert sign "server.example.com"
Error: CSR 'server.example.com' contains subject alternative names (DNS:server.example.com, DNS:webhook.server.example.com), which are disallowed. Use `puppet cert --allow-dns-alt-names sign server.example.com` to sign this request.
[root@SERVER]# puppet cert sign --allow-dns-alt-names "server.example.com"
Notice: Signed certificate request for server.example.com
Notice: Removing file Puppet::SSL::CertificateRequest server.example.com at '/var/lib/puppet/ssl_master/ca/requests/server.example.com.pem'

It seems puppet-proxy modules/puppetca/puppetca_main.rb does not add this option.

Release:

[root@puppet foreman-proxy]# rpm -qa | grep foreman-proxy
foreman-proxy-1.11.1-1.el7.noarch
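
Added example (not part of the original report and not smart-proxy code): before a signer passes --allow-dns-alt-names, it can read the alternative names out of the CSR and compare them with what is expected for that host. The allowlist, the function names and the sample CSR builder below are assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical allowlist (an assumption of this example): certname => extra DNS names it may carry.
ALLOWED_ALT_NAMES = { 'server.example.com' => ['webhook.server.example.com'] }.freeze
DNS_NAME_TAG = 2 # GeneralName choice number for dNSName

# Return [tag, value] for every subjectAltName entry requested in a PEM-encoded CSR.
def requested_alt_names(csr_pem)
  csr = OpenSSL::X509::Request.new(csr_pem)
  attr = csr.attributes.find { |a| %w[extReq msExtReq].include?(a.oid) }
  return [] unless attr
  exts = attr.value.value.first.value.map { |seq| OpenSSL::X509::Extension.new(seq.to_der) }
  san = exts.find { |e| e.oid == 'subjectAltName' }
  return [] unless san
  # The extension's last field is an OCTET STRING wrapping the GeneralNames sequence.
  octets = OpenSSL::ASN1.decode(san.to_der).value.last.value
  OpenSSL::ASN1.decode(octets).value.map { |gn| [gn.tag, gn.value] }
end

# Build the `puppet cert sign` argv; raise instead of signing a CSR with unapproved names.
def sign_command(certname, csr_pem, allowed = ALLOWED_ALT_NAMES)
  names = requested_alt_names(csr_pem)
  return ['puppet', 'cert', 'sign', certname] if names.empty?
  permitted = [certname] + allowed.fetch(certname, [])
  rejected = names.reject { |tag, value| tag == DNS_NAME_TAG && permitted.include?(value) }
  unless rejected.empty?
    raise ArgumentError, "CSR '#{certname}' requests unapproved alt names: #{rejected.map { |_, v| v.inspect }.join(', ')}"
  end
  ['puppet', 'cert', 'sign', '--allow-dns-alt-names', certname]
end

# Constructed sample CSR for the demonstration (throwaway key generated on each call).
def sample_csr(certname, alt_names)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  unless alt_names.empty?
    san = OpenSSL::X509::ExtensionFactory.new.create_extension(
      'subjectAltName', alt_names.map { |n| "DNS:#{n}" }.join(','))
    csr.add_attribute(OpenSSL::X509::Attribute.new(
      'extReq', OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([san])])))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end
```

Non-DNS alternative names (IP addresses, for example) are always rejected here, since the flag on this page only concerns DNS names.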