If this is only on the puppet master then I would do that outside puppet,
maybe with a weekly cronjob, which moves or deletes expired certificates.
On Linux with GNU date, put this into a for loop going through all certs:

    now=$(date +%s)
    # notAfter of the certificate as epoch seconds (--date needs GNU date)
    cert=$(date --date="$(openssl x509 -enddate -noout -in www.dars.ox.ac.uk.crt | sed -e 's/notAfter=//')" +%s)
    if [ "$now" -ge "$cert" ]; then
        echo "too old"
    fi

Once the directory is acceptable you can put it on your clients with a file
resource and recurse => true.
If you use version control with svn or git etc. for your puppet code you
might want to keep this outside, with /etc/puppet/fileserver.conf.
> On Thursday, 9 January 2014 13:23:44 UTC+1, Paolo Brocchi wrote:
>>
>> Hi all,
>> I would like to replace the pem certificate on the agent servers.
>> Before replacing it I would like to do some checks, like: certificate
>> expiry date, right CN, right private key.
>> Can anyone help me?
>> Regards
>> Paolo
>>
>
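
The three checks asked about in the original question (expiry date, CN, matching private key) combined in one function, as an added example that is not part of the original thread. The name check_cert, its return codes and the variable names are chosen here; it assumes the openssl command line tool and an unencrypted private key file.

```shell
#!/bin/sh
# Added example (not from the thread). check_cert and its return codes are
# hypothetical names chosen here; the key file is assumed to be unencrypted.
# Usage: check_cert CERT KEY EXPECTED_CN [MIN_SECONDS_LEFT]
# Returns: 0 ok, 1 expired or expiring, 2 CN mismatch, 3 key mismatch, 4 unreadable
check_cert() {
    cc_cert=$1; cc_key=$2; cc_want=$3; cc_min=${4:-0}

    # Refuse anything OpenSSL cannot parse as an X.509 certificate.
    if ! openssl x509 -in "$cc_cert" -noout 2>/dev/null; then
        echo "$cc_cert: not a readable certificate"; return 4
    fi

    # 1. Expiry: -checkend fails if notAfter falls within the next N seconds
    #    (N=0 means "already expired"). No GNU date needed.
    if ! openssl x509 -in "$cc_cert" -noout -checkend "$cc_min" >/dev/null; then
        echo "$cc_cert: expired or expires within ${cc_min}s"; return 1
    fi

    # 2. Subject CN must equal the expected agent name exactly.
    cc_cn=$(openssl x509 -in "$cc_cert" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1)
    if [ "$cc_cn" != "$cc_want" ]; then
        echo "$cc_cert: CN is '$cc_cn', expected '$cc_want'"; return 2
    fi

    # 3. Key pair: the public key in the certificate must be the one derived
    #    from the private key. Comparing public keys works for RSA and EC.
    cc_pub_cert=$(openssl x509 -in "$cc_cert" -noout -pubkey)
    cc_pub_key=$(openssl pkey -in "$cc_key" -pubout 2>/dev/null) || cc_pub_key=
    if [ -z "$cc_pub_key" ] || [ "$cc_pub_cert" != "$cc_pub_key" ]; then
        echo "$cc_cert: does not match private key $cc_key"; return 3
    fi

    echo "$cc_cert: ok"
}

# Run the checks when called as: script CERT KEY EXPECTED_CN [MIN_SECONDS_LEFT]
if [ "$#" -ge 3 ]; then
    check_cert "$@"
    exit
fi
```

Passing 2592000 as the fourth argument rejects certificates that expire within 30 days, which is useful when the check gates a replacement rollout rather than a cleanup job.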