puppet-basicca is a puppet module designed to automate the process of creating SSL certificates, particularly self-signed certificates. I also use it to create certificate signing requests (CSRs) to submit to the authorities who sign my certificates (at time of writing, StartCOM Namecheap1
).
The readme in the Git repo has some detailed usage examples, but simply:
basicca::certrequest{ $fqdn:
keypath => "/etc/ssl/${::fqdn}.key",
csrpath => "/etc/ssl/${::fqdn}.csr",
subject => {
'CN' => $::fqdn,
},
}
will produce a signing request for the FQDN of the node the manifest is running on