Defined Type: sslcertificate

Defined in:
manifests/init.pp

Overview

Author

Paul Stack (pstack@opentable.com)

Copyright

Copyright © 2013 OpenTable Inc

License

MIT

Define: sslcertificate

This defined type installs SSL certificates on Windows.

Requirements/Dependencies

Currently requires the puppetlabs/stdlib module from the Puppet Forge in order to validate much of the provided configuration.

Parameters

password

The password for the given certificate. Defaults to undef.

location

The location to store intermediate certificates. Do not end the string with a forward slash or backslash.

thumbprint

The thumbprint used to verify the certificate

store_dir

The certificate store where the certificate will be installed to

root_store

The store location for the given certificate store. Either LocalMachine or CurrentUser.

scripts_dir

This parameter has been deprecated and is no longer used.

exportable

This parameter determines whether the certificate key is exportable or not.

wildcard

This parameter determines whether the certificate is a wildcard certificate or not.

interstore

This parameter determines whether the certificate is an intermediate certificate or not.

Examples

To install a certificate in the My directory of the LocalMachine root store:

sslcertificate { "Install-PFX-Certificate" :
  name       => 'mycert.pfx',
  password   => 'password123',
  location   => 'C:',
  thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B'
}

To install a certificate in an alternative directory:

sslcertificate { "Install-Intermediate-Certificate" :
  name       => 'go_daddy_intermediate.p7b',
  location   => 'C:',
  store_dir  => 'CA',
  root_store => 'LocalMachine',
  thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B'
}

To install a certificate in the My directory of the LocalMachine root store and set the key as not exportable:

sslcertificate { "Install-PFX-Certificate" :
  name       => 'mycert.pfx',
  password   => 'password123',
  location   => 'C:',
  thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B',
  exportable => false
}

Parameters:

  • location (String[1])
  • thumbprint (String[1])
  • password (Optional[String[1]]) (defaults to: undef)
  • root_store (String[1]) (defaults to: 'LocalMachine')
  • store_dir (String[1]) (defaults to: 'My')
  • scripts_dir (Stdlib::Windowspath) (defaults to: 'C:\temp')
  • exportable (Boolean) (defaults to: true)
  • wildcard (Boolean) (defaults to: false)
  • interstore (Boolean) (defaults to: false)


# File 'manifests/init.pp', line 77

define sslcertificate (
  String[1] $location,
  String[1] $thumbprint,
  Optional[String[1]] $password    = undef,
  String[1] $root_store            = 'LocalMachine',
  String[1] $store_dir             = 'My',
  Stdlib::Windowspath $scripts_dir = 'C:\temp',
  Boolean $exportable              = true,
  Boolean $wildcard                = false,
  Boolean $interstore              = false
) {
  if $exportable {
    if $wildcard {
      $key_storage_flags = 'MachineKeySet,Exportable,PersistKeySet'
    } else {
      $key_storage_flags = 'Exportable,PersistKeySet'
    }
  } else {
    $key_storage_flags = 'PersistKeySet'
  }

  exec { "Install-${name}-SSLCert":
    provider  => powershell,
    command   => template('sslcertificate/import.ps1.erb'),
    onlyif    => template('sslcertificate/inspect.ps1.erb'),
    logoutput => true,
  }
}
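
A hardened variant of the PFX example above, added here and not part of the module's own documentation: the PFX password comes from a Hiera lookup instead of a literal in the manifest, and the private key is marked non-exportable. The Hiera key `profile::tls::pfx_password` is a hypothetical name; because `password` is typed `Optional[String[1]]` in the signature above, a `Sensitive` value would be rejected, so the lookup returns a plain string.

```puppet
# Added example, not the module's own code.
# Assumption: 'profile::tls::pfx_password' is a hypothetical Hiera key, ideally
# served by an encrypted backend, so the secret is not stored in the manifest
# or committed to version control alongside it.
$pfx_password = lookup('profile::tls::pfx_password', String[1])

sslcertificate { 'Install-PFX-Certificate':
  name       => 'mycert.pfx',
  # No literal password in the manifest (compare 'password123' in the
  # examples above).
  password   => $pfx_password,
  location   => 'C:',
  # Sample thumbprint reused from the examples above.
  thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B',
  # With exportable => false the define sets
  #   $key_storage_flags = 'PersistKeySet'
  # so the imported private key is not flagged Exportable.
  # The default (exportable => true) yields 'Exportable,PersistKeySet'.
  exportable => false,
  # Per the source above, 'MachineKeySet' is only added when BOTH
  # exportable and wildcard are true, so setting wildcard => true here
  # would not change the flags.
}
```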