From 3e9677f00a09d0249713ed2fa503e42b07f6d978 Mon Sep 17 00:00:00 2001 From: Brice Figureau Date: Tue, 29 Dec 2009 15:27:54 +0100 Subject: Feature #2839 - fingerprint certificate This patch adds several things: * certificate fingerprinting in --list mode * a puppetca action called "--fingerprint" to display fingerprints of given certificates (or all including CSR) * a --fingerprint puppetd option to display client certificates * each time a CSR is generated, its fingerprint is displayed in the log It is also possible to use --digest in puppetca and puppetd to specify a specific digest algorithm. Signed-off-by: Brice Figureau --- sbin/puppetca | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'sbin/puppetca') diff --git a/sbin/puppetca b/sbin/puppetca index 27ba916b5..eab594ba6 100755 --- a/sbin/puppetca +++ b/sbin/puppetca @@ -10,7 +10,8 @@ # # puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] # [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] -# [-p|--print] [-c|--clean] [--verify] [host] +# [-p|--print] [-c|--clean] [--verify] [--digest DIGEST] +# [--fingerprint] [host] # # = Description # @@ -35,6 +36,11 @@ # Operate on all items. Currently only makes sense with '--sign', # '--clean', or '--list'. # +# digest:: +# Set the digest for fingerprinting (defaults to md5). Valid values depends +# on your openssl and openssl ruby extension version, but should contain at +# least md5, sha1, md2, sha256. +# # clean:: # Remove all files related to a host from puppetca's storage. This is # useful when rebuilding hosts, since new certificate signing requests @@ -62,6 +68,9 @@ # print:: # Print the full-text version of a host's certificate. # +# fingerprint:: +# Print the DIGEST (defaults to md5) fingerprint of a host's certificate. +# # revoke:: # Revoke the certificate of a client. The certificate can be specified # either by its serial number, given as a decimal number or a hexadecimal -- cgit