Man page - puppetserver-ca(1)
Packages contains this manual
Manual
PUPPETSERVER-CA
NAMESYNOPSIS
DESCRIPTION
OPTIONS
SUBCOMMANDS
Certificate Actions
Administration Actions
ARGUMENTS
BUGS
SEE ALSO
AUTHOR
NAME
puppetserver-ca - Puppetserver CA management command
SYNOPSIS
puppetserver
ca
(--help | --version)
puppetserver
ca
(--verbose) [
subcommand
]
<args>
DESCRIPTION
Manage the Private Key Infrastructure for Puppet Server's built-in Certificate Authority.
OPTIONS
-h , --help
Show the help message and exit
--version
Show the version number of the CA utility and exit
--verbose
Display low-level information
SUBCOMMANDS
Certificate Actions
The following
subcommands require a running Puppet Server:
clean
<args>
...
Revoke cert(s) and remove related files from CA
generate <args> ...
Generate a new certificate signed by the CA
list <args> ...
List certificates and CSRs
revoke <args> ...
Revoke certificate(s)
sign <args> ...
Sign certificate request(s)
Administration Actions
The following
subcommands require Puppet Server to be stopped:
delete
<args>
...
Delete signed certificate(s) from disk
import <args> ...
Import an external CA chain and generate server PKI
setup <args> ...
Setup a self-signed CA chain for Puppet Server
enable <args> ...
Setup infrastructure CRL based on a node inventory
migrate <args> ...
Migrate the existing CA directory to /etc/puppetserver/ca
prune <args> ...
Prune the local CRL on disk to remove any duplicated certificates
For more details on the arguments supported by these subcommands, see the "Arguments" section of this man page.
ARGUMENTS
clean :
--certname
NAME[,NAME]
One or more comma separated certnames
--config
CONF
Custom path to puppet.conf
delete :
--config
CONF
Path to
puppet.conf
--expired Delete expired signed certificates
--revoked Delete signed certificates that have already been
revoked
enable :
--config
CONF
Path to
puppet.conf
--infracrl Create auxiliary files for the
infrastructure-only CRL
generate :
--certname
NAME[,NAME]
One or more comma separated certnames
--config
CONF
Path to puppet.conf
--subject-alt-names
NAME[,NAME]
One or more comma
separated alt-names for the cert
--ca-client Whether this cert will be used to request CA
actions
--force Suppress errors when signing cert offline
--ttl
TTL
The time-to-live for each cert generated
and signed
import :
--config
CONF
Path to
puppet.conf
--private-key
KEY
Path to PEM encoded key
--cert-bundle
BUNDLE
Path to PEM encoded bundle
--crl-chain
CHAIN
Path to PEM encoded chain
--certname
NAME
Common name to use for the server
cert
--subject-alt-names
NAME[,NAME]
One or more comma
separated alt-names for the cert
list :
--config
CONF
Custom
path to Puppet's config file
--all List all certificates
--format
FORMAT
Valid formats are: 'text' (default),
'json'
--certname
NAME[,NAME]
List the specified cert(s)
migrate :
--config CONF Path to puppet.conf
prune :
--config
CONF
Path to
the puppet.conf file on disk
--remove-duplicates Remove duplicate entries from
CRL(default)
--remove-expired Remove expired entries from CRL
--remove-entries Remove entries from CRL
--serial
NUMBER[,NUMBER]
Serial numbers(s) in HEX to
be removed from CRL
--certname
NAME[,NAME]
Name(s) of the cert(s) to be
removed from CRL
revoke :
--certname
NAME[,NAME]
One or more comma separated certnames
--config
CONF
Custom path to puppet.conf
setup :
--config
CONF
Path to
puppet.conf
--subject-alt-names
NAME[,NAME]
One or more comma
separated alt-names for the cert
--ca-name
NAME
Common name to use for the CA signing
cert
--certname
NAME
Common name to use for the server
cert
sign :
--ttl
TTL
The
time-to-live for each cert signed
--certname
NAME[,NAME]
The name(s) of the cert(s) to
be signed
--config
CONF
Custom path to Puppet's config file
--all Operate on all certnames
BUGS
Bugs can be reported to your distribution's bug tracker or upstream at <https://github.com/puppetlabs/puppetserver/issues>
SEE ALSO
puppetserver (1), puppetserver-gem (1), puppetserver-ruby (1), puppetserver-irb (1), puppetserver-foreground (1), puppetserver-prune (1)
AUTHOR
Louis-Philippe Véronneau