Resource Type: sslcertificate

Defined in:
lib/puppet/type/sslcertificate.rb
Providers:
posix

Overview

Certificate subject hash (read only)

Properties

  • content

    Certificate content

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • absent
    • present

Parameters

  • cacert

    Could be Boolean true or false:

    • ‘true` means CA Intermediate certificate already MUST be defined in catalog

    • ‘false` means we do not manage CA Intermediate certificate (therefore validation over CA will not happen)

    Also could be a Full path to certificate or array of paths (for example, if certificate chain has 2 or more Intermediate CA)

  • chain (defaults to: true)

    Whether to place Intermediate certificate into certificate file or not

    Supported values:
    • true
    • false
    • yes
    • no
  • expiration (defaults to: true)

    Validate certificate validity period

    Supported values:
    • true
    • false
    • yes
    • no
  • identity

    Identtity which certificate should represent (eg domain name). Certificate Common Name or any of DNS names must match identity field

  • path (namevar)

    The path to the certificate to manage. Must be fully qualified.

  • pkey

    The path to the private key to use. Must be fully qualified.

  • provider

    The specific backend to use for this ‘sslcertificate` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • replace (defaults to: true)

    Whether to replace a certificate file that already exists on the local system but which content doesn’t match what the ‘content` attribute specifies. Set this to false allows `Sslcertificate` resources to initialize certificate file without overwriting it (for example, by updating it with IM CA). Note that this only affects content; Puppet will still manage ownership and permissions. Defaults to `true`.

    Supported values:
    • true
    • false
    • yes
    • no
  • rootca (defaults to: false)

    Whether to place Root CA certificate into certificate file or not

    Supported values:
    • true
    • false
    • yes
    • no
  • strict (defaults to: true)

    Strictly validate over root CA bundle

    Supported values:
    • true
    • false
    • yes
    • no
  • subject_hash

    Certificate subject hash (read only)

  • subject_hash_old

    Certificate subject hash for old algorithm (read only)