sslcertificate

pdk
Module to manage SSL Certificates on Windows Server 2008 and upwards

KPN

kpn

9,613 downloads

9,158 latest version

5.0 quality score

Version information

  • 1.0.2 (latest)
  • 1.0.1
released Mar 22nd 2018
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • windows

Start using this module

Documentation

kpn/sslcertificate — version 1.0.2 Mar 22nd 2018

SSL Certificate module for Puppet

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with sslcertificate
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

Puppet Module to manage Windows certificates.

Module Description

This sslcertificate module will allow you to install and remove your certificates on Windows machines.
It can manage pfx, cer and crt certificates.

The module is based/uses code from the following module:

Although we borrowed the powershell scripts from voxpupuli, this module does not yet support all certificate types that voxpupuli does.
This module uses Hiera to install certificates so you will have to convert your certificate file to a Base64 string.

It is also possible to list all Local Machine certificates using:

  • puppet resource sslcertificate
  • puppet resource sslcertificate

Setup

Setup Requirements

This module requires:

What sslcertificate affects

This module will install certificates into your Windows key stores. It is also possible to remove certificates.

Beginning with sslcertificate

To install a certificate in the My directory of the LocalMachine root store:

    sslcertificate { '<certificate_name>' :
      ensure              => 'present'
      path                => 'LocalMachine\<store>\<thumbprint>',
      password            => '<password>',
      format              => '<format>',
      exportable          => true,
      certificate_content => '<certificate_content>'
    }

Usage

Parameters

This module accepts the following parameters:

ensure

Type: string Default: 'present' Values: 'present' or 'absent' Description: This is to determine if a certifcate needs to be installed or removed.

path

Type: string Default: nil Values: Any valid certificate path but always starts with LocalMachine. (LocalMachine\\ Description: This is the path where the certifcate will be installed. The thumbprint is always 40 hexidecimal uppercase characters.

password

Type: string Default: 'dummy' Values: Any valid password or passphrase, including spaces. Description: Only use a password if the certificate is password protected.

format

Type: string Default: nil Values: 'cer', 'crt' or 'pfx' Description: This is the format of the certificate.

exportable

Type: boolean Default: true Values: true or false Description: Sets the key to be exportable.

certificate_content

Type: string Default: nil Values: Plaintext value to create the certificate Description: This contains the certifcate content to create the certificate file that will be imported.

Examples

To install a certificate in an alternative directory:

    sslcertificate { 'certificate_pfx:' :
      ensure     => 'present',
      path       => 'LocalMachine\CA\C50BE50FCF7AF3E7D42C21A349D6153551D50F2A',
      format     => 'pfx',
      password   => 'the cow jumped over the moon',
      certificate_content => 'MIIGzzCCBLegAwIBAgIEATE3FzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJO
            ovEj8FQY2pHm4qISNjQcSF86aNzIGn84hbsCDmJ8VeeoUAOhUaCwn38kquDSCaeQ
            Y3EVQGaRWS5eLJEFireJ8ABWmVKNOf2q+p9DZIhU2KefmKmeED9icW8sUMy9Mfpz
            B8lFPm+xqlsIm0LbGTuzN6g5fNgy+73PiME6qnYDkmXeZ3+qDpn/pTGHj986cR7Z
            /dgPkADVTzhhPOgUSaUW2/AEgOMPJyOmw5YpxgjxkIdcnvzgQc3y3zqj56vGx7Sa
            xLtMvKTEtFFMDMBZHUkiBOfyOaTEA5Bmbn0p6DyGNMu1a4MgDun7hxtG74Ao8DDe
            ejkB6QA+v4qzlHk+clOyHFyNJ9BUc70kmv9AWM4DLYX5cUGgMiJObh07DjGQrcRo
            XHpiIw4GzrOv7zZrpZ2Y5Roi86cJyrsaAENr69NZ56Heqamsv4jvyJMVOUyWw+qb
            l409YpY9zs9PyeP2WLK3rIH3hQ=='
    }

To remove a certificate:

    sslcertificate { 'any_certificate' :
      ensure        => 'absent',
      path          => 'LocalMachine\CA\C50BE50FCF7AF3E7D42C21A349D6153551D50F2A
    }

Reference

Provider

  • sslcertificate

Limitations

This module works on:

  • Windows 2008 R2
  • Windows 2012 R2
  • Windows 2016

Development

You can contribute by submitting issues, providing feedback and joining the discussions.

Go to: https://github.com/kpn-puppet/puppet-kpn-sslcertificate

If you want to fix bugs, add new features etc:

  • Fork it
  • Create a feature branch ( git checkout -b my-new-feature )
  • Apply your changes and update rspec tests
  • Run rspec tests ( bundle exec rake spec )
  • Commit your changes ( git commit -am 'Added some feature' )
  • Push to the branch ( git push origin my-new-feature )
  • Create new Pull Request