Forge Home


SSL Certificate File Management


268 latest version

4.7 quality score

Version information

  • 1.2.0 (latest)
  • 1.1.1
  • 1.1.0
  • 1.0.0
  • 0.7.0
  • 0.6.2
  • 0.6.1
  • 0.6.0
  • 0.5.0
released Mar 10th 2022
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'rnelson0-certs', '1.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add rnelson0-certs
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install rnelson0-certs --version 1.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



rnelson0/certs — version 1.2.0 Mar 10th 2022


Build Status Puppet Forge Puppet Forge Downloads Stories in Ready Stories In Progress

Table of Contents

  1. Overview
  2. Setup - The basics of getting started with certs
  3. Usage - Configuration options and additional functionality


Provides SSL certificate files required by apache and other webservers via the certs::vhost define. These files can then be provided to apache::vhost and other classes that require the files to already exist on a managed node.


Setup Requirements

The certificate files must come from an external store. Recommended stores are a site-specific (and private!) module containing SSL files or a network- accessible filesystem, such as NFS, that the managed node can access.

Beginning with certs

Once a file store is determined, include at least one certs::vhost define and specify the file store location as the source_path. You may optionally specify a target_path if the default location of /etc/ssl/certs is not desired.


No trailing slash should be provided to source_path.

certs::vhost { '':
  source_path => 'puppet:///modules/site_certificates',

Creates /etc/ssl/certs/ and /etc/ssl/certs/ based off of puppet:///site_certificates/ and puppet:///site_certificates/

certs::vhost { '':
  target_path => '/etc/httpd/ssl.d',
  source_path => 'puppet:///modules/site_certificates',

Creates the same crt and key files in /etc/httpd/ssl.d.

Certs::Vhost<| |> -> Apache::Vhost<| |>

When providing the certificate files to the apache::vhost or similar classes it is best to ensure they are properly dependent upon the certs::vhost.

To use the vault options, you must have a module that is API compatible with puppet-vault_lookup installed. If you are not using vault, this dependency is optional.

certs::vhost { '':
  target_path => '/etc/httpd/ssl.d',
  source_path => '/v1/kv/puppet/ssl',
  vault       => true,