Project

General

Profile

Actions

Feature #14544

open

puppetca smart proxy should show puppet CSR attributes

Added by Robert Heinzmann almost 8 years ago. Updated almost 8 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
PuppetCA
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Currently the puppetca smart proxy does not show extra attributes of the CA request that can optionally be embedded to increase security.

# /etc/puppet/csr_attributes.yaml
---
custom_attributes:
  1.2.840.113549.1.9.7: SECRET
extension_requests:
  pp_uuid: ED803750-E3C7-44F5-BB08-41A04433FE2E
  pp_image_name: my_ami_image
  pp_preshared_key: SECRET
openssl req -in /var/lib/puppet/ssl_master/ca/requests/webserver-test1.xx.xx.xx.xx.pem -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=webserver-test1.xx.xx.xx.xx
        ...
        Attributes:
        Requested Extensions:
            1.3.6.1.4.1.34380.1.1.2:
                i-12345678
            1.3.6.1.4.1.34380.1.1.4:
                342thbjkt82094y0uthhor289jnqthpc2290

Providing the information can increase security

Actions #1

Updated by Dominic Cleal almost 8 years ago

  • Category changed from Smart Proxy to PuppetCA
Actions

Also available in: Atom PDF