Forge Home


Module to manage SSL Certificates on Windows Server 2008 and upwards


265 latest version

5.0 quality score

Version information

  • 4.1.5 (latest)
  • 1.0.2
  • 1.0.1
released Jun 7th 2022
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 7.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'kpn-sslcertificate', '4.1.5'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add kpn-sslcertificate
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install kpn-sslcertificate --version 4.1.5

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



kpn/sslcertificate — version 4.1.5 Jun 7th 2022

SSL Certificate module for Puppet

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with sslcertificate
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


Puppet Module to manage Windows certificates.

Module Description

This sslcertificate module will allow you to install and remove your certificates on Windows machines. It can manage pfx, cer, crt and pem certificates.

The module is based/uses code from the following module:

Although we borrowed the powershell scripts from voxpupuli, this module does not yet support all certificate types that voxpupuli does. This module uses Hiera to install certificates so you will have to convert your certificate file to a Base64 string.

It is also possible to list all Local Machine certificates using:

  • puppet resource sslcertificate
  • puppet resource sslcertificate


Setup Requirements

This module requires:

If you want to manage pem certificates, you will need OpenSSL. OpenSSL.Light can be installed from this module by including the following code: include sslcertificate.

What sslcertificate affects

This module will install certificates into your Windows key stores. It is also possible to remove certificates.

Beginning with sslcertificate

To install a certificate in the My directory of the LocalMachine root store:

    sslcertificate { '<certificate_name>' :
      ensure              => 'present'
      path                => 'LocalMachine\<store>\<thumbprint>',
      password            => '<password>',
      format              => '<format>',
      exportable          => true,
      certificate_content => '<certificate_content>'



This module accepts the following parameters:


Type: string Default: 'present' Values: 'present' or 'absent' Description: This is to determine if a certifcate needs to be installed or removed.


Type: string Default: nil Values: Any valid certificate path but always starts with LocalMachine. (LocalMachine\\ Description: This is the path where the certifcate will be installed. The thumbprint is always 40 hexidecimal uppercase characters.


Type: string Default: 'dummy' Values: Any valid password or passphrase, including spaces. Description: Only use a password if the certificate is password protected.


Type: string Default: nil Values: 'cer', 'crt' or 'pfx' Description: This is the format of the certificate.


Type: boolean Default: true Values: true or false Description: Sets the key to be exportable.


Type: string Default: nil Values: Plaintext value to create the certificate Description: This contains the certifcate content to create the certificate file that will be imported.


To install a certificate in an alternative directory:

    sslcertificate { 'certificate_pfx:' :
      ensure     => 'present',
      path       => 'LocalMachine\CA\C50BE50FCF7AF3E7D42C21A349D6153551D50F2A',
      format     => 'pfx',
      password   => 'the cow jumped over the moon',
      certificate_content => 'MIIGzzCCBLegAwIBAgIEATE3FzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJO

To remove a certificate:

    sslcertificate { 'any_certificate' :
      ensure        => 'absent',
      path          => 'LocalMachine\CA\C50BE50FCF7AF3E7D42C21A349D6153551D50F2A



  • sslcertificate


This module works on:

  • Windows 2008 R2
  • Windows 2012 R2
  • Windows 2016
  • Windows 2019


You can contribute by submitting issues, providing feedback and joining the discussions.

Go to:

If you want to fix bugs, add new features etc:

  • Fork it
  • Create a feature branch ( git checkout -b my-new-feature )
  • Apply your changes and update rspec tests
  • Run rspec tests ( bundle exec rake spec )
  • Commit your changes ( git commit -am 'Added some feature' )
  • Push to the branch ( git push origin my-new-feature )
  • Create new Pull Request