Issue #6029 has been updated by Nigel Kersten. Status changed from Needs Decision to Accepted Assignee deleted (Nigel Kersten) Target version set to Telly
---------------------------------------- Feature #6029: Provide puppetca option to renew CAcert and propagate to clients. https://projects.puppetlabs.com/issues/6029 Author: Nick Moffitt Status: Accepted Priority: Normal Assignee: Category: SSL Target version: Telly Affected Puppet version: Keywords: puppetca ca ca.pem crl.pem cert ssl renew Branch: I noticed while setting up a puppet master that the CA cert it generates has an expiration date five years in the future. This fact came at about the time that I realized I'd been in charge of a particular set of systems for five years myself, and that timescale suddenly appeared more personally finite to me. What would be helpful is to have some kind of puppetca command that can generate a new CA Cert, sign it with the old one, and somehow make use of the web of trust to deploy it (and perhaps an updated CRL, if necessary) to every client. This would help when, four and a half years down the line, you realize it's getting time to think about renewing that cert. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
