@joeypiccola
Last active June 13, 2018 04:01

add cert to puppet enterprise console

  1. generate a csr (puppet.piccola.us.csr) and submit it to a CA.
  2. download the issued certificate as puppet.piccola.us.cer in .der format. once downloaded, add it to the personal store of a windows machine, then export it with keys and extensions as a .pfx (e.g. puppet.piccola.us.pfx).
  3. at this point you should have the following three files.
C:\scripts\puppet_ec_cert\pec> l
    Directory: C:\scripts\puppet_ec_cert\pec
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        6/12/2018   8:17 PM           1224 puppet.piccola.us.cer
-a----        6/12/2018   8:16 PM           1384 puppet.piccola.us.csr
-a----        6/12/2018   8:20 PM           6049 puppet.piccola.us.pfx
  4. use openssl to extract the certificate from the pfx as pem
openssl pkcs12 -in puppet.piccola.us.pfx -clcerts -nokeys -out public-console.cert.pem
Enter Import Password: *****
  5. use openssl to export the private key from the pfx as a passphrase-protected pem
openssl pkcs12 -in puppet.piccola.us.pfx -nocerts -out public-console.private_key_PASSPHRASED_.pem
Enter Import Password: *****
Enter PEM pass phrase: *****
  6. use openssl to remove the passphrase from the private key
openssl rsa -in public-console.private_key_PASSPHRASED_.pem -out public-console.private_key.pem
Enter pass phrase for public-console.private_key_PASSPHRASED_.pem: *****
writing RSA key
  7. at this point you should have the following six files
 C:\scripts\puppet_ec_cert\pec> l
    Directory: C:\scripts\puppet_ec_cert\pec
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        6/12/2018   9:30 PM           2034 public-console.cert.pem
-a----        6/12/2018   9:34 PM           1706 public-console.private_key.pem
-a----        6/12/2018   9:33 PM           2145 public-console.private_key_PASSPHRASED_.pem
-a----        6/12/2018   8:17 PM           1224 puppet.piccola.us.cer
-a----        6/12/2018   8:16 PM           1384 puppet.piccola.us.csr
-a----        6/12/2018   8:20 PM           6049 puppet.piccola.us.pfx
  8. copy public-console.cert.pem and public-console.private_key.pem to /opt/puppetlabs/server/data/console-services/certs on the Puppet server.
root@puppet:/opt/puppetlabs/server/data/console-services/certs# ls -la
total 36
drwx------ 3 pe-console-services pe-console-services 4096 Jun 12 21:40 .
drwxrwx--- 3 pe-console-services pe-console-services 4096 Sep  8  2017 ..
drwxr-xr-x 2 root                root                4096 Jun 12 21:40 old
-rw-r--r-- 1 root                root                2034 Jun 12 20:33 public-console.cert.pem
-rw-r--r-- 1 root                root                1706 Jun 12 20:51 public-console.private_key.pem
-r-------- 1 pe-console-services pe-console-services 2086 Jun 12 21:40 puppet.piccola.us.cert.pem
-r-------- 1 pe-console-services pe-console-services 3243 Jun 12 21:40 puppet.piccola.us.private_key.pem
-r-------- 1 pe-console-services pe-console-services 2374 Jun 12 21:40 puppet.piccola.us.private_key.pk8
-r-------- 1 pe-console-services pe-console-services  800 Jun 12 21:40 puppet.piccola.us.public_key.pem
  9. Use the console to edit the parameters of the puppet_enterprise::profile::console class.
    1. Click Classification, and in the PE Infrastructure group, select the PE Console group.
    2. On the Configuration tab, in the puppet_enterprise::profile::console class, add the following parameters:
Parameter                 Value
---------                 -----
browser_ssl_cert          /opt/puppetlabs/server/data/console-services/certs/public-console.cert.pem
browser_ssl_private_key   /opt/puppetlabs/server/data/console-services/certs/public-console.private_key.pem
  10. run puppet agent -t on the master
root@puppet:~# puppet agent -t
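A pre-flight check for the copied pair, worth running on the Puppet server before the `puppet agent -t` run. This is an added example, not part of the original gist: it confirms that the certificate and the passphrase-free key belong together, that the certificate has not expired, and that the key file carries no group/other permission bits (the copied files in the listing above are `-rw-r--r--`). The function name `check_console_pair` and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check a console certificate/key pair.
# Returns: 0 = ok, 1 = cert and key do not match,
#          2 = cert or key could not be loaded, 3 = matches but has findings.
check_console_pair() {
    cert=$1
    key=$2

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert"; return 2; }

    # Public key derived from the private key. "-passin pass:" supplies an
    # empty passphrase, so a still-passphrased key fails instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot load key without a passphrase: $key"; return 2; }

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not belong together"
        return 1
    fi

    rc=0
    # -checkend 0 exits non-zero when the certificate is already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired: $cert"
        rc=3
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "private key is accessible to group/other ($perms): $key"
        rc=3
    fi
    return $rc
}

# Stand-alone use: sh check.sh public-console.cert.pem public-console.private_key.pem
if [ "$#" -eq 2 ]; then
    check_console_pair "$1" "$2"
fi
```

Pointing it at `public-console.private_key_PASSPHRASED_.pem` instead of the stripped key returns 2, which is a quick way to catch the wrong file being copied.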