This release will be the last release before the following deprecated types will be removed:
- `openssl_signcsr` & `openssl_selfsign`: use the custom type `openssl_cert` to sign a CSR and issue a certificate.
- `openssl_genpkey`: use the custom type `openssl_key` to generate private key pairs.
- `openssl::config`: the custom type `openssl_request` will create a CSR without the need for a config file.
- `openssl::csr`: use the custom type `openssl_request` instead.
- `openssl::dhparam`: use the custom type `openssl_dhparam`.
- The custom type `openssl_request` has two new parameters, `registration_token_control` and `authenticator_control`. They can be used to generate a CSR with the `id-regCtrl-regToken` or `id-regCtrl-authenticator` attributes. Some CAs may require that one of those attributes is defined when a certificate is issued.
- A request can have an optional serial number attribute to ensure that multiple requests using the same key really have a distinct binary representation.
- The defined type `openssl::dhparam` has been deprecated. Use the custom type `openssl_dhparam` instead.
- The type parameter `force` was never used and has been removed.
- The processing of empty array parameters has been fixed.
- Fix a regression where a resource would not be generated unless the ensure attribute would be given.
- Fix variable scope issue in Ruby code of `openssl_dhparam` type.
- Prevent failing types if file to be generated exists but is empty.
- Drop Support for Puppet 6
- Add support for Puppet 8
- Add support for Concat 9.x and Stdlib 9.x
- New types to create OpenSSL keys, CSRs, certificates and DHparams have been added. They should be considered beta for now.
- Add support for Concat 8.x
- The OpenSSL config file to generate a CSR can now be generated on its own using the new defined type `openssl::config`.
- Add new data type `Openssl::Extendedkeyusage`.
- Support additional choices for the number of bits in RSA keys
- Add support for Stdlib 8.x.
- Add support for FreeBSD 13
- Add support for Debian 11
- Fix error propagation in custom types. A custom type now fails as it should if an error condition occurs while creating the resource.
- Add support for Puppet 7.
- Add support for Stdlib 7.x.
- Removed Support for Debian-8, Ubuntu-14.04, CentOS-6, RedHat-6 and FreeBSD-10
- The parameter `manage_trust` for the defined type `openssl::cert` has been removed. CA certificates should be managed using the `openssl::cacert` defined type.
- The class parameter `openssl::ca_certs` internally uses the `openssl::cacert` defined type.
- Add Support for FreeBSD-12
- On RedHat based distributions the defined type `openssl::cacert` will keep all CA certificates in `/etc/pki/ca-trust/source/anchors` and also call the `update-ca-trust` script.
- Add support for Ubuntu 20.04
- Add new defined type `openssl::cacert` to install a trusted CA certificate. The parameter `manage_trust` for the defined type `openssl::cert` is now deprecated and will be removed in the next major version.
- Add support for Debian-10, CentOS-8, RedHat-8.
- Fix `openssl_version` fact to handle versions without a trailing letter.
- Remove support for Puppet 4.
- For the `openssl::cert` defined type the attribute `makehash` has been replaced by the more general attribute `manage_trust`. On RedHat based distributions the certificate will now be added to the system-wide NSS database when this parameter is `true`.
- Add support for Stdlib 6.x.
- Add support for Concat 6.x.
- Add new custom type `openssl_hash` to manage symbolic links using a certificate hash as name.
- Add new custom type `openssl_certutil` to manage certificates in the system-wide NSS database.
- Add documentation in the REFERENCE.md file.
- Support Puppet 6
- Implement an additional parameter `source_extension` for the `openssl::cert` and `openssl::key` defined types. This parameter sets the file extension for certificates (default: `crt`) and keys (default: `key`) on the server.
- The version requirements for the `stdlib` and `concat` modules have been updated.
- The initial release was missing the default hiera configuration for Ubuntu. This release uses the operating system family to load the hiera configuration. Ubuntu is therefore handled as a member of the Debian family.
Initial release.