summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/x509cert_common.pp
AgeCommit message (Collapse)Author
2021-05-11Fix default file mode for private keysJan Dittberner
2021-05-08Fix unsupported variable reassignmentJan Dittberner
Use https://forge.puppet.com/modules/puppetlabs/stdlib/7.0.1/reference#pick-1 to workaround unsupported variable reassignment in the Puppet DSL.
2021-05-08Use x509cert_common for cacert_boardvotingJan Dittberner
- add support for custom owner, group and mode for private key files managed by x509cert_common - use x509cert_common for cacert_boardvoting - remove key and certificate from old locations - add class1 (root) certificate to allowed client certificate roots for cacert_boardvoting
2021-04-25Add client certificate CA support to x509cert_commonJan Dittberner
This is a refactoring to move support for client certificate CA chain definition to the x509cert_common manifest. The idea is that certificate chain management is centralized in that module. Community is the first system that is modified to use the new mechanism for the Roundcube webmail system at webmail.cacert.org.
2020-06-06Adapt permissions on /etc/ssl/privateJan Dittberner
This change adapts the ownership and permissions on /etc/ssl/private to the defaults that are set by Debian's ssl-cert package.
2020-06-06Fix puppet parser, epp and puppet-lint issuesJan Dittberner
2020-06-06Add new profile x509cert_commonJan Dittberner
This commit adds a new profile that takes care of putting X.509 server certificates as well as their private keys and certificates at a common location. The hiera data for the email host have been adapted for this new profile which will be used by a new profile for managing nginx based reverse proxies.