Eric Sorenson wrote:
James -- you may already be onto this, but one thing I found last
time I did a home-rolled PKI (attempting chained CA certs for puppet)
was that the CA needs to be explicitly configured to accept extended
attributes from the CSR and put them into the issued certificate.
This
James -- you may already be onto this, but one thing I found last time I did a
home-rolled PKI (attempting chained CA certs for puppet) was that the CA needs
to be explicitly configured to accept extended attributes from the CSR and put
them into the issued certificate. This is controlled by th
This adds the ability to add arbitrary attributes to Puppet certificate
requests. It is controlled by setting the allow_csr_attributes setting
in the puppet.conf configuration file on the Puppet agent.
allow_csr_attributes = true
This option defaults to false. If set to true it looks for a
This adds the ability to add arbitrary attributes to Puppet certificate
requests. It is controlled by setting the allow_csr_attributes setting
in the puppet.conf configuration file on the Puppet agent.
allow_csr_attributes = true
This option defaults to false. If set to true it looks for a