Forge Home

sslcert

Install SSL certificates

6,188 downloads

575 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.2.0 (latest)
  • 0.1.3
  • 0.1.2
  • 0.1.1
released May 17th 2022
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 7.0.0
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppetfinland-sslcert', '0.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppetfinland-sslcert
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppetfinland-sslcert --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

puppetfinland/sslcert — version 0.2.0 May 17th 2022

sslcert

A Puppet module for managing one or more sets of SSL certificates. A set is composed of a certificate and a key, and an optional CA bundle. The bundle may be used as is (for Apache2) or combined with the certificate (for nginx).

This module can be safely used even if the webserver is not managed by Puppet. Even in that case it can notify the defined webserver service when any of the files have changed.

Module usage

The ::sslcert::set define supports two sources for the the certificate, key and CA bundle:

  • Parameters (e.g. string from hiera-eyaml)
  • Puppet fileserver

These can also be mixed, so you could get your cert and CA bundle from the Puppet fileserver, but the private key from hiera-eyaml, passing it to the define as a string.

Using this module from another class is simple:

include ::sslcert

sslcert::set { 'www.domain.com':
    bundlefile   => 'ca-bundle.crt',
    embed_bundle => false,
}

Passing certs as paramaters

The relevant parameters in ::sslcert::set are:

  • bundlefile: target filename for the bundle
  • bundlefile_content: content of the bundle
  • certfile_content: content of the certificate
  • keyfile_content: content of the keyfile

If any of the content parameters are set, then Puppet does not try to fetch that particular file from the Puppet fileserver.

Getting certs from the Puppet fileserver

To use the Puppet fileserver approach put your certificates to the "files" share and name them like this:

  • sslcert-${basename}.crt
  • sslcert-${basename}.key

Where ${basename} defaults to the title of the ::sslcert::set defined resource. If you want to install a CA bundle, simply copy it to the "files" directory and pass the filename, including the file extension, as the $bundlefile parameter of the ::sslcert::set resource. Next a few examples using Hiera.

Automatic resource creation in main class

The main class does not do anything except support creating resources from a hash. To Install a certificate, key and a separate bundle file (e.g. for apache2).

sslcert::sets:
    www.domain.com:
        bundlefile: 'ca-bundle.crt'

The same as above, but for nginx:

sslcert::sets:
    www.domain.com:
        bundlefile: 'ca-bundle.crt'
        embed_bundle: true

Only install a certificate and a key, omitting the bundle:

sslcert::sets:
    internal.company.com: {}

You can of course define as many ::sslcert::set resources as you need.

Example of usage from within a node manifest:

$sets = { 'www.domain.com' => { 'bundlefile'   => 'ca-bundle.crt',
                                'embed_bundle' => false,
                              }
}

class { '::sslcert':
    sets => $sets,
}