Possible to discover and manage third-party certificates with Puppet?

asked 2017-09-12 19:13:58 -0600

I'm not referring to the CA and certificates Puppet itself uses. Has anyone used Puppet to discover or otherwise report on the state of certificates across their network (load balancers, web servers, etc)? Like maintaining info on them as facts and notifying when they're 60 days from expiring?

edit retag flag offensive close merge delete


“Not my department.” This sounds like your're trying to use the wrong tool for a given scenario. I mean, it ain't impossible, but I tell you, you'd be rather … un-satisfied. Better head directly for appropriate solutions.

Kai Burghardt gravatar imageKai Burghardt ( 2017-09-14 12:11:43 -0600 )edit

That's what I figured as well, but had to be sure.

NotABot gravatar imageNotABot ( 2017-09-14 22:51:24 -0600 )edit

I'm working on a solution right now to this. I'll be parsing a Java keystore once a day from a cronjob and placing the results as a JSON file as an external fact. If you're interested, I'll post a link back to the code here.

luksi1 gravatar imageluksi1 ( 2017-09-26 13:31:33 -0600 )edit

Yes please do - sounds interesting.

NotABot gravatar imageNotABot ( 2017-09-26 14:21:22 -0600 )edit