16.147. cdist-type__snakeoil_cert(7)

16.147.1. NAME

cdist-type__snakeoil_cert - Generate self-signed certificate

16.147.2. DESCRIPTION

The purpose of this type is to generate self-signed certificate and private key for testing purposes. Certificate will expire in 3650 days.

Certificate's and key's access bits will be 644 and 640 respectively. If target system has ssl-cert group, then it will be used as key's group. Use require='__snakeoil_cert/...' __file ... to override.

16.147.3. OPTIONAL PARAMETERS

common-name

Defaults to $__object_id.

key-path

%s in path will be replaced with $__object_id. Defaults to /etc/ssl/private/%s.pem.

key-type

Possible values are rsa:$bits and ec:$name. For possible EC names see openssl ecparam -list_curves. Defaults to rsa:2048.

cert-path

%s in path will be replaced with $__object_id. Defaults to /etc/ssl/certs/%s.pem.

16.147.4. EXAMPLES

__snakeoil_cert localhost-rsa \
    --common-name localhost \
    --key-type rsa:4096

__snakeoil_cert localhost-ec \
    --common-name localhost \
    --key-type ec:prime256v1

16.147.5. AUTHORS

Ander Punnar <ander-at-kvlt-dot-ee>

16.147.6. COPYING

Copyright (C) 2021 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.