chef - [chef] Re: Cert Management

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Cert Management

From: Michael Hart < >
To: "< >" < >
Subject: [chef] Re: Cert Management
Date: Thu, 20 Feb 2014 16:29:34 +0000
Accept-language: en-CA, en-US

We’re using the chef-ssl (https://github.com/VendaTech/chef-cookbook-ssl) cookbook for certificate management. It provides for nodes generating CSR’s as required (when specified in recipes), and a command line utility to be run on the signing host to sign the CSR’s, after which the node will pick up the signed cert on the next chef run and install it. This works very well for single certs like those for VPN servers.

What it doesn’t provide for is shared key/certs such as those used across web server clusters. For that I don’t have a great solution.

cheers

mike

Michael Hart

Arctic Wolf Networks

M: 226-388-4773

On Feb 20, 2014, at 10:59 AM, Stewart, Curtis < "> > wrote:

We're looking for suggestions on cert management through Chef.

Currently, we're using encrypted data bags and chef-vault to push certs to our servers, but I was curious to see what others are doing/using.

Thanks,

Curtis

[chef] Cert Management, Stewart, Curtis, 02/20/2014
- [chef] Re: Cert Management, Michael Hart, 02/20/2014
  - [chef] RE: Re: Cert Management, Justin Witrick, 02/20/2014
    - [chef] RE: RE: Re: Cert Management, Stewart, Curtis, 02/20/2014