Resource Type: openssl_genparam

Defined in:
lib/puppet/type/openssl_genparam.rb
Providers:
openssl

Summary

Generate Diffie-Hellman or Elliptic Curve parameter file

Overview

The type is refreshable. The `openssl_genparam` type will regenerate the parameters if the resource is notified from another resource.

Examples:

Create a Diffie-Hellman parameter file using 2048 bits


openssl_genparam { '/tmp/dhparam.pem':
  algorithm => 'DH',
  bits      => '2048',
  generator => '2',
}

Create an Elliptic Curve parameter file using the secp521r1 curve


openssl_genparam { '/tmp/ecparam.pem':
  algorithm => 'EC',
  curve     => 'secp521r1',
}

Automatically refresh a parameter file every 3 months


openssl_genparam { '/tmp/dhparam.pem':
  algorithm        => 'DH',
  bits             => '2048',
  generator        => '2',
  refresh_interval => '3mo',
}

Refresh a parameter file if another file changes


openssl_genparam { '/tmp/dhparam.pem':
  algorithm => 'DH',
  bits      => '2048',
  subscribe => File['/etc/ssl/parameters.trigger'],
}

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent

Parameters

  • algorithm

    The algorithm to generate the parameters for.

    Supported values:
    • DH
    • EC
  • bits

    The number of bits to use for Diffie-Hellman parameters.

    Supported values:
    • 2048
    • 4096
    • 8192
  • curve

    The name of the curve to use for Elliptic Curve parameters.

    Supported values:
    • %r{^[a-zA-Z][a-zA-Z0-9-]+[0-9]$}
  • file

    The name of the parameter file to manage.

  • generator

    The generator to use for Diffie-Hellman parameters.

    Supported values:
    • 2
    • 5
  • provider

    The specific backend to use for this `openssl_genparam` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • refresh_interval

    The refresh interval for the parameter file. A new parameter file will be generated after this time.

    The value must be a number optionally followed by a time unit. The following units are understood: `y` for years (365 days), `mo` for months (30 days), `w` for weeks (7 days), `d` for days (24 hours), `h` for hours (60 minutes), `mi` for minutes (60 seconds). When the unit `s` or no unit is used, the value is interpreted as a number of seconds.

    Supported values:
    • %r{^[0-9]+(y|mo|w|d|h|mi|s)?$}
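
The refresh_interval format described above, as an added example in Ruby (not code from the module): it converts an interval string to seconds using the documented units and reports whether a parameter file is older than that interval. The names `interval_seconds` and `refresh_due?` and the comparison against the file's mtime are assumptions for illustration; the provider's own logic may differ.

```ruby
# Added example, not the module's code. The unit sizes and the accepted
# syntax come from the refresh_interval description; comparing against the
# file's mtime is an assumption about how staleness could be audited.

# Same alternatives as the documented pattern, but anchored with \A and \z
# so a value containing a newline cannot pass on one matching line.
INTERVAL_PATTERN = /\A([0-9]+)(y|mo|w|d|h|mi|s)?\z/

UNIT_SECONDS = {
  'y'  => 365 * 86_400, # year   = 365 days
  'mo' => 30 * 86_400,  # month  = 30 days
  'w'  => 7 * 86_400,   # week   = 7 days
  'd'  => 86_400,       # day    = 24 hours
  'h'  => 3_600,        # hour   = 60 minutes
  'mi' => 60,           # minute = 60 seconds
  's'  => 1
}.freeze

# Convert a refresh_interval string to seconds.
# Raises ArgumentError for anything the documented syntax does not allow.
def interval_seconds(value)
  match = INTERVAL_PATTERN.match(value.to_s)
  raise ArgumentError, "invalid refresh_interval: #{value.inspect}" unless match

  match[1].to_i * UNIT_SECONDS.fetch(match[2] || 's')
end

# True when the parameter file is missing or older than the interval.
def refresh_due?(path, interval, now = Time.now)
  return true unless File.exist?(path)

  now - File.mtime(path) >= interval_seconds(interval)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, including two that must be rejected.
  ['3mo', '1y', '2mi', '90', '3 months', "1d\n2d"].each do |sample|
    begin
      puts "#{sample.inspect} => #{interval_seconds(sample)} seconds"
    rescue ArgumentError => e
      puts e.message
    end
  end
end
```
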