Resource Type: openssl_selfsign

Defined in:
lib/puppet/type/openssl_selfsign.rb
Providers:
openssl

Summary

Create an OpenSSL self-signed certificate

Overview

**This type is deprecated!**

The type takes a certificate signing request (CSR) and a key file to generate a self-signed certificate.

Certificate extensions can be added by using the `extensions` and `extfile` parameters.

Optionally, a key password can be provided if the key is encrypted.

The certificate will be valid for the given number of days.

The type is refreshable. The `openssl_selfsign` type will regenerate the certificate if the resource is notified from another resource.

Examples:

Create a self-signed certificate with extensions valid for one year


openssl_signcsr { '/tmp/cert.crt':
  csr        => '/tmp/cert.csr',
  signkey    => '/tmp/cert.key',
  extfile    => '/tmp/cert.cnf',
  extensions => 'v3_ext',
  days       => '365',
}
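
The following manifest is an added example, not taken from the module's own documentation. It combines the extension file, the optional key password and the refresh behaviour described above, so the certificate is regenerated whenever the extension file changes. The paths, the host name, the Hiera key `example::key_password` and the extension values are constructed assumptions.

```puppet
# Constructed paths and values; the CSR and key are assumed to exist already.
$ssl_dir = '/etc/ssl/example'

# Hypothetical Hiera key; stays undef when the key is not encrypted.
$key_password = lookup('example::key_password', { 'default_value' => undef })

# Extension section referenced by the `extensions` parameter below.
file { "${ssl_dir}/cert.cnf":
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => @(CNF),
    [v3_ext]
    basicConstraints = critical,CA:FALSE
    keyUsage         = critical,digitalSignature,keyEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName   = DNS:host.example.com
    | CNF
}

openssl_selfsign { "${ssl_dir}/cert.crt":
  ensure     => present,
  csr        => "${ssl_dir}/cert.csr",
  signkey    => "${ssl_dir}/cert.key",
  extfile    => "${ssl_dir}/cert.cnf",
  extensions => 'v3_ext',
  days       => '90',
  password   => $key_password,
  # A change to the extension file refreshes this resource,
  # which regenerates the certificate.
  subscribe  => File["${ssl_dir}/cert.cnf"],
}
```

Keeping the password in encrypted Hiera data rather than in the manifest keeps it out of version control.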

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent

Parameters

  • csr

    Required. The file containing the certificate signing request.

  • days (defaults to: 370)

    The number of days the certificate should be valid.

    Supported values:
    • %r{^[0-9]+$}

  • extensions

    The section name of the extensions. The OpenSSL defaults will be used if the parameter is `undef`.

  • extfile

    The file with the certificate extensions.

  • file

    The signed certificate file to manage.

  • password

    The password to decrypt the key. Leave the parameter undefined if the key is not encrypted.

  • provider

    The specific backend to use for this `openssl_selfsign` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • signkey

    Required. The file with the OpenSSL key to use for the self-signed certificate.