In this example, an administrator wishes to create a self-signed x509 certificate for use with a web server. The permission mode of all files created by the resource. The group of all files created by the resource. The owner of all files created by the resource. The desired Bit Length of the generated key. The passphrase for an existing key's passphrase If the key_file attribute is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate. If no key file is found, the resource will generate a new key file at this location. If the key_file attribute is specified, the resource will attempt to source a key from this location. The path to a certificate key file on the filesystem. The certificate will expire after this period.Īrray of Subject Alternative Name entries, in format DNS: or IP:1.2.3.4 Default: empty Value representing the number of days from now through which the issued certificate cert will remain valid.
Optional path to write the file to if you'd like to specify it here instead of in the resource name If no existing key is specified, the resource will automatically generate a passwordless key with the certificate. This resource generates self-signed, PEM-formatted x509 certificates. Storing unencrypted passwords in node attributes, as in this example, carries risk. Note that node attributes are widely accessible. Node.normal = random_password( length: 50, mode: :base64, encoding: ' ASCII ') Node.normal = random_password( length: 50, mode: :base64) Node.normal = random_password( length: 50) In order to protect the node, an administrator crafts this recipe:Ĭhef:: nd( :include, OpenSSLCookbook:: RandomPassword)
#Jellyfissh pem file update
Imagine that a new openssl vulnerability has been disclosed, and the operating system vendor has released an update to openssl to address this vulnerability. In this example, assume the node is running the stats_collector daemon, which depends on the openssl library. Each package will send a :restart notification to service resources named in the node attribute.
#Jellyfissh pem file upgrade
The upgrade recipe iterates over the list of packages in the node attribute, and manages them with the :upgrade action. Note Each service listed in this array should represent a " service" resource specified in the recipes of the node's run list. This array is empty by default, as Chef has no reasonable way to detect which applications or services are compiled against these packages. node - An array of service resources that depend on the openssl packages.An attribute-driven recipe for upgrading OpenSSL packages.A resource for generating dhparam.pem files.A resource for generating x509 certificates.A resource for generating RSA public keys.A resource for generating RSA private keys.A library method to generate secure random passwords in recipes, using the Ruby SecureRandom library.This cookbook provides tools for working with the Ruby OpenSSL library.
0 kommentar(er)
