Feature #14544: puppetca smart proxy should show puppet CSR attributes - Foreman

Actions

Copy link

Feature #14544

open

puppetca smart proxy should show puppet CSR attributes

Added by Robert Heinzmann over 8 years ago. Updated over 8 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

PuppetCA

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Currently the puppetca smart proxy does not show extra attributes of the CA request that can optionally be embedded to increase security.

# /etc/puppet/csr_attributes.yaml
---
custom_attributes:
  1.2.840.113549.1.9.7: SECRET
extension_requests:
  pp_uuid: ED803750-E3C7-44F5-BB08-41A04433FE2E
  pp_image_name: my_ami_image
  pp_preshared_key: SECRET

openssl req -in /var/lib/puppet/ssl_master/ca/requests/webserver-test1.xx.xx.xx.xx.pem -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=webserver-test1.xx.xx.xx.xx
        ...
        Attributes:
        Requested Extensions:
            1.3.6.1.4.1.34380.1.1.2:
                i-12345678
            1.3.6.1.4.1.34380.1.1.4:
                342thbjkt82094y0uthhor289jnqthpc2290

Providing the information can increase security

Actions

Copy link

Updated by Dominic Cleal over 8 years ago

Category changed from Smart Proxy to PuppetCA

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Feature #14544

puppetca smart proxy should show puppet CSR attributes

Updated by Dominic Cleal over 8 years ago