as an api user, i would like to query puppet ca certificate additional information
the puppet ca inventory can contain additional information which is not exposed via the api, for example:
cat /var/lib/puppet/ssl/ca/inventory.txt 0x0001 2015-08-16T14:00:27UTC 2020-08-15T14:00:27UTC /CN=Puppet CA: ca-certname
(CA attribute is ignored)
additionally output from puppet cert list --all can contain certificate alt names, e.g.:
"ca-certname" (SHA256) 2D:09:32:76:41:86:C7:A2:71:E0:5C:9E:98:7C:E8:76:B1:4A:86:E3:51:00:D0:02:AF:2F:7E:02:45:AB:3E:28 (alt names: "DNS:ca-certname", "DNS:puppet", "DNS:puppet.domain.com")
I would like to know which certificate is actually the CA (in puppet context its usually the first entry in the inventory, or the oldest certificate and has the above output), and to know its alt names.