- From: "Justin Witrick"
- To:
- Subject: [chef] RE: Re: Cert Management
- Date: Thu, 20 Feb 2014 12:03:06 -0500 (EST)
- Importance: Normal
I also am using the chef-ssl tool, and with some slight modifications, like adding in the ability to have a cert be for a virtual host name (for the clusters), everything has been working great.
Justin
-----Original Message-----
From: "Michael Hart"
Sent: Thursday, February 20, 2014 11:29am
To:
Subject: [chef] Re: Cert Management
We’re using the chef-ssl (https://github.com/VendaTech/chef-cookbook-ssl) cookbook for certificate management. It provides for nodes generating CSRs as required (when specified in recipes), and a command line utility to be run on the signing host to sign the CSRs, after which the node will pick up the signed cert on the next chef run and install it. This works very well for single certs like those for VPN servers.
What it doesn’t provide for is shared key/certs such as those used across web server clusters. For that I don’t have a great solution.
cheers
mike
--
Michael Hart
Arctic Wolf Networks
M: 226-388-4773
On Feb 20, 2014, at 10:59 AM, Stewart, Curtis wrote:
We're looking for suggestions on cert management through Chef.
Currently, we're using encrypted data bags and chef-vault to push certs to our servers, but I was curious to see what others are doing/using.