.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "PUPPETSERVER-CA" 1 "2023" ""
.SH NAME
puppetserver-ca \- Puppetserver CA management command
.SH SYNOPSIS
.nf
\fBpuppetserver\fP \fIca\fP (\-\-help | \-\-version)
\fBpuppetserver\fP \fIca\fP (\-\-verbose) [\fIsubcommand\fP]
.fi
.sp
.SH DESCRIPTION
.sp
Manage the Private Key Infrastructure for Puppet Server\(aqs built\-in
Certificate Authority.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-h\fP,\fB \-\-help
Show the help message and exit
.TP
.B \-\-version
Show the version number of the CA utility and exit
.TP
.B \-\-verbose
Display low\-level information
.UNINDENT
.SH SUBCOMMANDS
.SS Certificate Actions
.sp
The following subcommands require a running Puppet Server:
.INDENT 0.0
.TP
.B \fBclean\fP \fI\fP ...
Revoke cert(s) and remove related files from CA
.TP
.B \fBgenerate\fP \fI\fP ...
Generate a new certificate signed by the CA
.TP
.B \fBlist\fP \fI\fP ...
List certificates and CSRs
.TP
.B \fBrevoke\fP \fI\fP ...
Revoke certificate(s)
.TP
.B \fBsign\fP \fI\fP ...
Sign certificate request(s)
.UNINDENT
.SS Administration Actions
.sp
The following subcommands require Puppet Server to be stopped:
.INDENT 0.0
.TP
.B \fBimport\fP \fI\fP ...
Import an external CA chain and generate server PKI
.TP
.B \fBsetup\fP \fI\fP ...
Setup a self\-signed CA chain for Puppet Server
.TP
.B \fBenable\fP \fI\fP ...
Setup infrastructure CRL based on a node inventory
.TP
.B \fBmigrate\fP \fI\fP ...
Migrate the existing CA directory to /etc/puppetserver/ca
.TP
.B \fBprune\fP \fI\fP ...
Prune the local CRL on disk to remove any duplicated certificates
.UNINDENT
.sp
For more details on the arguments supported by these subcommands, see the
\(dqArguments\(dq section of this man page.
.SH ARGUMENTS
.nf
\fBclean\fP:
.in +2
\-\-certname \fINAME[,NAME]\fP  One or more comma separated certnames
\-\-config \fICONF\fP  Custom path to puppet.conf
.in -2
.fi
.sp
.nf
\fBenable\fP:
.in +2
\-\-config \fICONF\fP  Path to puppet.conf
\-\-infracrl  Create auxiliary files for the infrastructure\-only CRL
.in -2
.fi
.sp
.nf
\fBgenerate\fP:
.in +2
\-\-certname \fINAME[,NAME]\fP  One or more comma separated certnames
\-\-config \fICONF\fP  Path to puppet.conf
\-\-subject\-alt\-names \fINAME[,NAME]\fP  One or more comma separated alt\-names for the cert
\-\-ca\-client  Whether this cert will be used to request CA actions
\-\-force  Suppress errors when signing cert offline
\-\-ttl \fITTL\fP  The time\-to\-live for each cert generated and signed
.in -2
.fi
.sp
.nf
\fBimport\fP:
.in +2
\-\-config \fICONF\fP  Path to puppet.conf
\-\-private\-key \fIKEY\fP  Path to PEM encoded key
\-\-cert\-bundle \fIBUNDLE\fP  Path to PEM encoded bundle
\-\-crl\-chain \fICHAIN\fP  Path to PEM encoded chain
\-\-certname \fINAME\fP  Common name to use for the server cert
\-\-subject\-alt\-names \fINAME[,NAME]\fP  One or more comma separated alt\-names for the cert
.in -2
.fi
.sp
.nf
\fBlist\fP:
.in +2
\-\-config \fICONF\fP  Custom path to Puppet\(aqs config file
\-\-all  List all certificates
\-\-format \fIFORMAT\fP  Valid formats are: \(aqtext\(aq (default), \(aqjson\(aq
\-\-certname \fINAME[,NAME]\fP  List the specified cert(s)
.in -2
.fi
.sp
.nf
\fBmigrate\fP:
.in +2
\-\-config \fICONF\fP  Path to puppet.conf
.in -2
.fi
.sp
.nf
\fBprune\fP:
.in +2
\-\-config \fICONF\fP  Path to the puppet.conf file on disk
.in -2
.fi
.sp
.nf
\fBrevoke\fP:
.in +2
\-\-certname \fINAME[,NAME]\fP  One or more comma separated certnames
\-\-config \fICONF\fP  Custom path to puppet.conf
.in -2
.fi
.sp
.nf
\fBsetup\fP:
.in +2
\-\-config \fICONF\fP  Path to puppet.conf
\-\-subject\-alt\-names \fINAME[,NAME]\fP  One or more comma separated alt\-names for the cert
\-\-ca\-name \fINAME\fP  Common name to use for the CA signing cert
\-\-certname \fINAME\fP  Common name to use for the server cert
.in -2
.fi
.sp
.nf
\fBsign\fP:
.in +2
\-\-ttl \fITTL\fP  The time\-to\-live for each cert signed
\-\-certname \fINAME[,NAME]\fP  The name(s) of the cert(s) to be signed
\-\-config \fICONF\fP  Custom path to Puppet\(aqs config file
\-\-all  Operate on all certnames
.in -2
.fi
.sp
.SH BUGS
.sp
Bugs can be reported to your distribution\(aqs bug tracker or upstream at
\fI\%https://tickets.puppetlabs.com/browse/SERVER\fP
.SH SEE ALSO
.sp
\fBpuppetserver\fP(1), \fBpuppetserver\-gem\fP(1), \fBpuppetserver\-ruby\fP(1),
\fBpuppetserver\-irb\fP(1), \fBpuppetserver\-foreground\fP(1),
.SH AUTHOR
Louis-Philippe Véronneau
.\" Generated by docutils manpage writer.
.