Feature #14882
Puppet CA signing should support --allow-dns-alt-names
Status: New
Priority: Normal
Assignee: -
Category: PuppetCA
Target version: -
Description
When adding additional DNS names to the Puppet certificates, the signing needs extra parameters.
Foreman smart proxy should support "--allow-dns-alt-names" as an option in foreman.yaml.
Puppet config:

[agent]
dns_alt_names = webhook.server.example.com

[root@SERVER]# puppet cert sign "server.example.com"
Error: CSR 'server.example.com' contains subject alternative names (DNS:server.example.com, DNS:webhook.server.example.com), which are disallowed. Use `puppet cert --allow-dns-alt-names sign server.example.com` to sign this request.
[root@SERVER]# puppet cert sign --allow-dns-alt-names "server.example.com"
Notice: Signed certificate request for server.example.com
Notice: Removing file Puppet::SSL::CertificateRequest server.example.com at '/var/lib/puppet/ssl_master/ca/requests/server.example.com.pem'

It seems puppet-proxy modules/puppetca/puppetca_main.rb does not add this option.
Release:
[root@puppet foreman-proxy]# rpm -qa | grep foreman-proxy
foreman-proxy-1.11.1-1.el7.noarch
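
Added example, not part of the ticket and not Foreman smart proxy code: since --allow-dns-alt-names signs whatever names the CSR carries, a caller can read the requested names first and pass the flag only when they are expected. The helper names (csr_dns_alt_names, sign_command, build_sample_csr) and the allow-list parameter are assumptions made for illustration; the sample CSR is constructed.

```ruby
require 'openssl'

# DNS subject alternative names requested in a PEM-encoded CSR.
def csr_dns_alt_names(pem)
  csr = OpenSSL::X509::Request.new(pem)
  raise ArgumentError, 'CSR signature does not verify' unless csr.verify(csr.public_key)
  attr = csr.attributes.find { |a| a.oid == 'extReq' }
  return [] unless attr
  # extReq holds SET { SEQUENCE OF Extension }
  attr.value.value.first.value.flat_map do |asn1|
    ext = OpenSSL::X509::Extension.new(asn1.to_der)
    next [] unless ext.oid == 'subjectAltName'
    ext.value.split(/,\s*/).grep(/\ADNS:/).map { |n| n.delete_prefix('DNS:') }
  end
end

# Hypothetical policy helper: argv for `puppet cert`, adding the flag only
# when every requested name is the certname or on the allow-list.
def sign_command(certname, pem, allowed_alt_names)
  requested = csr_dns_alt_names(pem)
  return ['puppet', 'cert', 'sign', certname] if requested.empty?
  unexpected = requested - allowed_alt_names - [certname]
  unless unexpected.empty?
    raise ArgumentError, "unapproved alt names: #{unexpected.join(', ')}"
  end
  ['puppet', 'cert', 'sign', '--allow-dns-alt-names', certname]
end

# Constructed sample input: a throwaway CSR like the one in the report.
def build_sample_csr(certname, alt_names)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key
  unless alt_names.empty?
    san = OpenSSL::X509::ExtensionFactory.new.create_extension(
      'subjectAltName', alt_names.map { |n| "DNS:#{n}" }.join(','))
    ext_req = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([san])])
    csr.add_attribute(OpenSSL::X509::Attribute.new('extReq', ext_req))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end
```

On a master, the PEM would be read from the pending request file, such as the requests path shown in the output above, before it is signed.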