Forge Home


Makes puppet signed certificates available for use to other applications


5,035 latest version

4.0 quality score

Version information

  • 1.0.1 (latest)
  • 1.0.0
  • 0.2.0
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Oct 26th 2017
This version is compatible with:

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'thexa4-pki', '1.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add thexa4-pki
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install thexa4-pki --version 1.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



thexa4/pki — version 1.0.1 Oct 26th 2017

#Puppet PKI This module allows using the puppet certificates to establish trust between nodes in a network. Given that all nodes have a certificate with their hostname that is signed by the puppet master we can use the puppet master as an internal CA.

This module creates three files:

  1. /etc/ssl/certs/host.crt: The certificate of this node
  2. /etc/ssl/certs/host-ca.crt: The certificate of the puppet master that signs other certificates
  3. /etc/ssl/private/host.key: The key of this node.

The puppet certificates are placed in the ssl-cert group to allow applications like apache to use them.


Just include this module on the node. There are no configuration parameters.