[chef] RE: RE: Re: Cert Management


  • From: "Stewart, Curtis" < >
  • To: " " < >
  • Subject: [chef] RE: RE: Re: Cert Management
  • Date: Thu, 20 Feb 2014 17:45:25 +0000
  • Accept-language: en-US

Awesome, I'll definitely be reviewing chef-ssl.


Justin, are your modifications available on a fork?  If not, is that anything you would consider publishing, if possible?  That sounds like some great modifications that would be well used throughout the community.


Thanks,

Curtis


From: Justin Witrick < >
Sent: Thursday, February 20, 2014 11:03 AM
To:
Subject: [chef] RE: Re: Cert Management
 

 

I also am using the chef-ssl tool, and with some slight modifications, like adding in the ability to have a cert be for a virtual host name (for the clusters), everything has been working great.


Justin


-----Original Message-----
From: "Michael Hart" < >
Sent: Thursday, February 20, 2014 11:29am
To: "< >" < >
Subject: [chef] Re: Cert Management

We’re using the chef-ssl (https://github.com/VendaTech/chef-cookbook-ssl) cookbook for certificate management. It provides for nodes generating CSRs as required (when specified in recipes), and a command line utility to be run on the signing host to sign the CSRs, after which the node will pick up the signed cert on the next chef run and install it. This works very well for single certs like those for VPN servers.
What it doesn’t provide for is shared key/certs such as those used across web server clusters. For that I don’t have a great solution.
cheers
mike
--
Michael Hart
Arctic Wolf Networks
M: 226-388-4773



On Feb 20, 2014, at 10:59 AM, Stewart, Curtis < > wrote:

We're looking for suggestions on cert management through Chef.
Currently, we're using encrypted data bags and chef-vault to push certs to our servers, but I was curious to see what others are doing/using.
Thanks,
Curtis


