Issue #7962 has been updated by Steven Lindberg.

Greetings,

I've been working on this issue in my [fork](https://github.com/slindberg/puppet/commits/ticket/3.x/7962_cert_expire_warning/). I haven't created a pull request yet since all of the issues in the feature haven't been addressed.

I've implemented a method for logging a warning when certificates approach their expiration date, but currently it is only called in `Puppet::SSL::Host#certificate` when initializing the cert. This means (I believe) that the warning will only ever be displayed when starting puppet, so it is useless for daemons on machines with long uptimes.

I've been looking into how the daemons work, and it doesn't seem like a big deal to add a host-related call to the agent or application, but the master is a different thing. As far as I can tell, puppet master only spawns a web server, and doesn't have an agent that can perform the check. It seems overkill to add an agent just for this purpose... It also seems pointless to add this feature if it can't inform the admin that the CA is going to expire (although warn on restart is better than nothing). Any guidance would be appreciated.

I haven't looked into reporting yet, but I'm hoping that the `Puppet::SSL::Host#check_expiration` method can be used or slightly tweaked to accommodate.

Thanks!

(PS I decided to target 3.x after reading the contributing readme, and I haven't tried to merge to see how difficult it would be to backport it.)

----------------------------------------
Feature #7962: Warn when a certificate approaches the expiration date
https://projects.puppetlabs.com/issues/7962#change-68453

Author: Jacob Helwig
Status: Accepted
Priority: High
Assignee:
Category: Doh!
Target version: 2.7.x
Affected Puppet version:
Keywords:
Branch:

It's especially troublesome if the CA or master certificate expires without any real warning.

We should be warning in the logs (possibly reports, too?) if any of the certificates (CA, master, agent) are approaching their expiration date.
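The gap discussed in the message above (a check that runs only at startup never fires in a long-running daemon) can be closed by re-running the expiry check from the process's main loop. The sketch below is an added example, not code from the fork or from Puppet: `expiration_findings`, `ExpirationMonitor`, the 30-day window and the daily interval are all hypothetical, and it uses only Ruby's standard `openssl` and `logger` libraries.

```ruby
require 'openssl'
require 'logger'

WARN_WINDOW = 30 * 86_400 # assumed threshold: 30 days, in seconds

# One [severity, message] pair per certificate that is expired or inside
# the warning window at `now`. `certs` maps a role name to a certificate.
def expiration_findings(certs, now: Time.now, window: WARN_WINDOW)
  certs.map do |role, cert|
    remaining = cert.not_after - now
    if remaining <= 0
      [:error, "#{role} certificate #{cert.subject} expired on #{cert.not_after}"]
    elsif remaining <= window
      days = (remaining / 86_400).floor
      [:warn, "#{role} certificate #{cert.subject} expires in #{days} days"]
    end
  end.compact
end

# Called from a daemon's main loop; re-checks at most once per `interval`
# so a process with long uptime still logs the warning.
class ExpirationMonitor
  def initialize(certs, logger, interval: 86_400)
    @certs, @logger, @interval, @last_run = certs, logger, interval, nil
  end

  def tick(now = Time.now)
    return [] if @last_run && now - @last_run < @interval
    @last_run = now
    expiration_findings(@certs, now: now).each { |sev, msg| @logger.public_send(sev, msg) }
  end
end

# Constructed, unsigned sample certificates: only the validity field is read.
def sample_cert(common_name, not_after)
  cert = OpenSSL::X509::Certificate.new
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.not_after = not_after
  cert
end

START = Time.utc(2012, 8, 1) # constructed daemon start time
SAMPLE_CERTS = {
  'CA' => sample_cert('ca.example.test', START + 45 * 86_400),
  'master' => sample_cert('master.example.test', START + 400 * 86_400),
  'agent' => sample_cert('agent.example.test', START + 10 * 86_400)
}.freeze
```

With the constructed dates, a check at `START` flags only the agent certificate, while a check 20 days later also flags the CA, which a startup-only check would never report.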
