Forge Home


SSL certificate management module


17,811 latest version

2.2 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.3 (latest)
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.0.2
  • 0.0.1
released Mar 19th 2014

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'arusso-ssl', '1.0.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add arusso-ssl
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install arusso-ssl --version 1.0.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



arusso/ssl — version 1.0.3 Mar 19th 2014

SSL Management Module

This module provides a standard way to manage your SSL certificates, and currently includes support for auto-downloading your signed certs from InCommon.

Supported platforms are RedHat, Debian and Archlinux (based on $::osfamily fact). Pull requests for other platforms are welcomed.


  • puppetlabs-stdlib >= 2.6.0 (may work with earlier versions)


As it stands, the intention is for the ssl::cert defined type to be used to build a self-signed cert. This process also generates a CSR for us. This is what needs to be submitted to the signing authority.

Once the signing authority signs your cert request, you can plug in the relevant certificate id into the appropriate ssl defined type, and it will automatically download and install the cert for you.

Currently, the only supported signing authority is InCommon (ssl::incommon), but this can easily be expanded to others.



See LICENSE file


Copyright © 2013 The Regents of the University of California


Eric Rasche

  • Debian/Ubuntu Support

Niels Abspoel

  • Archlinux Support


Aaron Russo


Please log tickets and issues at the Projects site