Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PUPPET-CA(8)			 Puppet manual			  PUPPET-CA(8)

NAME
       puppet-ca - Local Puppet Certificate Authority management.

SYNOPSIS
       puppet ca action

DESCRIPTION
       This provides local management of the Puppet Certificate Authority.

       You  can	 use this subcommand to sign outstanding certificate requests,
       list and manage local certificates, and inspect the state of the CA.

OPTIONS
       Note that any setting that´s valid in the configuration file is also  a
       valid  long  argument,  although	 it  may or may not be relevant to the
       present action. For example, server and run_mode are valid settings, so
       you  can	 specify  --server <servername>, or --run_mode <runmode> as an
       argument.

       See  the	 configuration	file  documentation   at   http://docs.puppet‐
       labs.com/references/stable/configuration.html  for  the	full  list  of
       acceptable parameters. A commented list of  all	configuration  options
       can also be generated by running puppet with --genconfig.

       --render-as FORMAT
	      The  format  in  which to render output. The most common formats
	      are json, s (string), yaml, and console, but other options  such
	      as dot are sometimes available.

       --verbose
	      Whether to log verbosely.

       --debug
	      Whether to log debug information.

ACTIONS
       destroy - Destroy named certificate or pending certificate request.
	      SYNOPSIS

	      puppet ca destroy

	      DESCRIPTION

	      Destroy named certificate or pending certificate request.

       fingerprint - Print the DIGEST (defaults to the signing algorithm) fin‐
       gerprint of a host´s certificate.
	      SYNOPSIS

	      puppet ca fingerprint [--digest ALGORITHM]

	      DESCRIPTION

	      Print the DIGEST (defaults to the signing algorithm) fingerprint
	      of a host´s certificate.

	      OPTIONS --digest ALGORITHM - The hash algorithm to use when dis‐
	      playing the fingerprint

       generate - Generate a certificate for a named client.
	      SYNOPSIS

	      puppet ca generate [--dns-alt-names NAMES]

	      DESCRIPTION

	      Generate a certificate for a named client.

	      OPTIONS --dns-alt-names NAMES  -	The  comma-separated  list  of
	      alternative DNS names to use for the local host.

	      When the node generates a CSR for itself, these are added to the
	      request as the desired subjectAltName in the certificate:	 addi‐
	      tional  DNS  labels that the certificate is also valid answering
	      as.

	      This is generally required if you use a  non-hostname  certname,
	      or  if you want to use puppet kick or puppet resource -H and the
	      primary certname does not match the DNS name you use to communi‐
	      cate with the host.

	      This is unnecessary for agents, unless you intend to use them as
	      a server for puppet kick or remote puppet resource management.

	      It is rarely necessary for servers; it is usually	 helpful  only
	      if you need to have a pool of multiple load balanced masters, or
	      for the same master to respond on two physically	separate  net‐
	      works under different names.

       list - List certificates and/or certificate requests.
	      SYNOPSIS

	      puppet  ca  list	[--[no-]all]  [--[no-]pending] [--[no-]signed]
	      [--digest ALGORITHM] [--subject PATTERN]

	      DESCRIPTION

	      This will list the current certificates and certificate  signing
	      requests	in  the	 Puppet CA. You will also get the fingerprint,
	      and any certificate verification failure reported.

	      OPTIONS --[no-]all - Include all certificates and requests.

	      --digest ALGORITHM - The hash algorithm to use  when  displaying
	      the fingerprint

	      --[no-]pending - Include pending certificate signing requests.

	      --[no-]signed - Include signed certificates.

	      --subject	 PATTERN - Only include certificates or requests where
	      subject matches PATTERN.

	      PATTERN is interpreted as a regular expression, allowing complex
	      filtering of the content.

       print - Print the full-text version of a host´s certificate.
	      SYNOPSIS

	      puppet ca print

	      DESCRIPTION

	      Print the full-text version of a host´s certificate.

       revoke - Add certificate to certificate revocation list.
	      SYNOPSIS

	      puppet ca revoke

	      DESCRIPTION

	      Add certificate to certificate revocation list.

       sign - Sign an outstanding certificate request.
	      SYNOPSIS

	      puppet ca sign [--[no-]allow-dns-alt-names]

	      DESCRIPTION

	      Sign an outstanding certificate request.

	      OPTIONS  --[no-]allow-dns-alt-names  -  Whether or not to accept
	      DNS alt names in the certificate request

       verify - Verify the named certificate against the local CA certificate.
	      SYNOPSIS

	      puppet ca verify

	      DESCRIPTION

	      Verify the named certificate against the local CA certificate.

COPYRIGHT AND LICENSE
       Copyright 2011 by Puppet Labs Apache 2 license; see COPYING

Puppet Labs, LLC		   May 2015			  PUPPET-CA(8)

Vote for polarhome