Resource Type: openssl_hash

Defined in:
lib/puppet/type/openssl_hash.rb
Providers:
openssl

Summary

Manage a symbolic link using the certificate hash

Overview

If `ensure => present`, a symbolic link named after the certificate hash is created in the same directory as the certificate. The link is removed if `ensure => absent`.

This link is used to find a trusted cert when a certificate chain is validated.

The certificate file itself is not managed by this type.

The file must exist before the link can be created as it is accessed by OpenSSL to calculate the hash. For the same reason the file can only be deleted after the link has been removed.

Examples:

Mark an existing certificate as trusted


openssl_hash { '/etc/ssl/certs/My-Root-CA.crt':
  ensure => present,
}

Mark an existing certificate as not trusted


openssl_hash { '/etc/ssl/certs/My-Root-CA.crt':
  ensure => absent,
}
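
Ordering the link against the certificate file

Because the certificate file is not managed by this type, the ordering described in the overview has to be declared in the manifest. The following is an added example, not part of the module's own documentation; the `file` resources, the `Old-Root-CA.crt` name and the `puppet:///modules/profile/...` source path are assumptions.

```puppet
# Constructed example: file names and the module source path are assumptions.

# Trust a CA: the certificate file must be on disk before the hash link
# is created, because OpenSSL reads the file to calculate the hash.
file { '/etc/ssl/certs/My-Root-CA.crt':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0444',   # trust anchor readable by all, writable by nobody
  source => 'puppet:///modules/profile/My-Root-CA.crt',
}

openssl_hash { '/etc/ssl/certs/My-Root-CA.crt':
  ensure  => present,
  require => File['/etc/ssl/certs/My-Root-CA.crt'],
}

# Retire a CA: remove the hash link first, then delete the file.
# Reversing the order would leave the link removal without a file
# from which the hash can be calculated.
openssl_hash { '/etc/ssl/certs/Old-Root-CA.crt':
  ensure => absent,
  before => File['/etc/ssl/certs/Old-Root-CA.crt'],
}

file { '/etc/ssl/certs/Old-Root-CA.crt':
  ensure => absent,
}
```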

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent

Parameters

  • name (namevar)

    The name of the certificate file to manage.

  • provider

    The specific backend to use for this `openssl_hash` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.