Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

certs

Configures and manages SSL certificate deployments, restarting services as configured.
Project URLRSS FeedReport issues

25,964 downloads

623 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 3.0.1 (latest)
  • 3.0.0
  • 2.5.1
  • 2.5.0
  • 2.4.0
  • 2.3.2
  • 2.3.1
  • 2.3.0
  • 2.2.1
  • 2.2.0
  • 2.1.1
  • 2.0.0
  • 1.2.1
  • 1.2.0
  • 1.1.0
  • 1.0.0
  • 0.4.0
  • 0.3.0 (deleted)
  • 0.2.0 (deleted)
  • 0.1.0 (deleted)
released Feb 16th 2023
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
  • Puppet >=5.0.0 < 8.0.0
  • , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'broadinstitute-certs', '3.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add broadinstitute-certs
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install broadinstitute-certs --version 3.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

broadinstitute/certs — version 3.0.1 Feb 16th 2023

certs

checks Puppet Forge Puppet Forge Puppet Forge License (Apache 2.0)

Table of Contents

Notice

This module has been renamed to puppet-certificates due to naming conflicts and as such is being deprecated. You can find a fork of this module at puppet-certificates.

Overview

Configures SSL certificates and keys.

Module Description

This module provides SSL certificate files required by Apache or other services via the certs::site define. It can be used in conjunction with puppetlabs/apache's apache::vhost definitions to provide the ssl_cert and ssl_key files or any other service requiring SSL certificates.

It can also be used independent of any Puppet-defined service that requires the files to exist on a managed node.

Setup

Setup Requirements

The certificate files must come from an external store. Recommended stores are a site-specific (and private) module containing SSL files or a network-accessible filesystem, such as NFS, that the managed node can access. Once a file store is determined, include at least one certs::site define and specify the file store location as the source_path.

By default, this module will place certificates and keys in their relative locations and restart the specified service, provided it is defined in the catalog.

  • RedHat

    • certificates directory: /etc/pki/tls/certs
    • keys directory: /etc/pki/tls/private
    • service: httpd

  • Debian & Suse

    • certificates directory: /etc/ssl/certs
    • keys directory: /etc/ssl/private
    • service: apache2

  • FreeBSD

    • certificates directory: /usr/local/etc/apache24
    • keys directory: /usr/local/etc/apache24
    • service: apache24

  • Gentoo

    • certificates directory: /etc/ssl/apache2
    • keys directory: /etc/ssl/apache2
    • service: apache2

Usage

No trailing slashes should be provided for any paths.

Installation

Puppet Forge:

puppet module install broadinstitute-certs

Puppetfile:

mod 'broadinstitute/certs'

Examples

Puppet Manifest

manifest.pp

  include certs
  $domain = 'www.example.com'
  certs::site { $domain:
    source_path    => 'puppet:///site_certificates',
    ca_cert        => true,
    ca_name        => 'caname',
    ca_source_path => 'puppet:///ca_certs',
  }

With Hiera

node.yaml

  classes:
    - certs
  certs::sites:
    'www.example.com':
      source_path: 'puppet:///site_certificates'
      ca_cert: true
      ca_name: 'caname'
      ca_source_path: 'puppet:///ca_certs'

Resource Chaining with Apache Module

manifest.pp

  Certs::Site<| |> -> Apache::Vhost<| |>

Global Defaults

You can also reset some of the settings in params.pp globally via the certs base class which will be inherited by all certs::site defines used that are later defined. In this example, we can reset the default certificate and key paths for all instantiated sites so that we don't have to manually set the custom path in each site:

  $domain1 = 'www.example.com'
  $domain2 = 'foo.example.com'

  class { 'certs':
    cert_path => '/path/to/certs',
    key_path  => '/path/to/keys',
  }

  certs::site { $domain1:
    source_path    => 'puppet:///site_certificates',
    ca_cert        => true,
    ca_name        => 'caname',
    ca_source_path => 'puppet:///ca_certs',
  }

  certs::site { $domain2:
    source_path    => 'puppet:///site_certificates',
    ca_cert        => true,
    ca_name        => 'caname',
    ca_source_path => 'puppet:///ca_certs',
  }

Reference

REFERENCE.md (generated with Puppet Strings)

Limitations

This module is CI tested against open source Puppet on:

  • CentOS 6, 7, 8
  • RHEL 6, 7, 8

This module also provides functions for other distributions and operating systems, such as FreeBSD and Gentoo, but is not formally tested on them and are subject to regressions.

Contributors

Riccardo Calixte (@rcalixte)

Andrew Teixeira (@coreone)

More contributors.