Monday, December 15, 2014

Puppet cert inspector

Today while poking around in the Puppet source code, I came across a utility in the ext/ directory called cert_inspector. This seems to be a little utility that opens up certificates and interrogates them for useful data. This is better than what I usually do, which is incanting openssl directly. It is also capable of chewing up an entire /var/lib/puppet/ssl directory and dumping information on every cert and key it finds. See the output below:



 (master u=)$: ./ext/cert_inspector ~/.puppet/ssl/certs/ca.pem
/home/nibz/.puppet/ssl/certs/ca.pem:
  Certificate assigning name /CN=Puppet CA: zabava.cat.pdx.edu to key</CN=Puppet CA: zabava.cat.pdx.edu>
    serial number 1
    issued by /CN=Puppet CA: zabava.cat.pdx.edu
    signed by key</CN=Puppet CA: zabava.cat.pdx.edu>

 (master u=)$: ./ext/cert_inspector ~/.puppet/ssl/
WARNING: file "/home/nibz/.puppet/ssl/public_keys/hunner_what_r_u_doin.pem" could not be interpreted
WARNING: file "/home/nibz/.puppet/ssl/public_keys/hunner_stahp.pem" could not be interpreted
WARNING: file "/home/nibz/.puppet/ssl/public_keys/maxwell.hsd1.or.comcast.net.pem" could not be interpreted
WARNING: file "/home/nibz/.puppet/ssl/public_keys/hunner.pem" could not be interpreted
/home/nibz/.puppet/ssl/certs/ca.pem:
  Certificate assigning name /CN=Puppet CA: zabava.cat.pdx.edu to key</CN=Puppet CA: zabava.cat.pdx.edu>
    serial number 1
    issued by /CN=Puppet CA: zabava.cat.pdx.edu
    signed by key</CN=Puppet CA: zabava.cat.pdx.edu>

/home/nibz/.puppet/ssl/certificate_requests/hunner.pem:
  Certificate request for /CN=hunner having key key</CN=hunner>
    signed by key</CN=hunner>

/home/nibz/.puppet/ssl/certificate_requests/hunner_stahp.pem:
  Certificate request for /CN=hunner_stahp having key key</CN=hunner_stahp>
    signed by key</CN=hunner_stahp>

/home/nibz/.puppet/ssl/certificate_requests/hunner_what_r_u_doin.pem:
  Certificate request for /CN=hunner_what_r_u_doin having key key</CN=hunner_what_r_u_doin>
    signed by key</CN=hunner_what_r_u_doin>

/home/nibz/.puppet/ssl/private_keys/hunner.pem:
  Private key for key</CN=hunner>

/home/nibz/.puppet/ssl/private_keys/hunner_stahp.pem:
  Private key for key</CN=hunner_stahp>

/home/nibz/.puppet/ssl/private_keys/hunner_what_r_u_doin.pem:
  Private key for key</CN=hunner_what_r_u_doin>

/home/nibz/.puppet/ssl/private_keys/maxwell.hsd1.or.comcast.net.pem:
  Private key for key</home/nibz/.puppet/ssl/private_keys/maxwell.hsd1.or.comcast.net.pem>
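The same kind of inspection can be scripted with Ruby's OpenSSL bindings. The sketch below is an added example, not cert_inspector's own code: it classifies a PEM blob as a certificate, request, private key or public key (the file type the run above warned about) and fingerprints the public key so related files can be matched. The function names, the example.test subjects and the throwaway key are constructed for illustration.

```ruby
require 'openssl'

# SHA-256 of the SubjectPublicKeyInfo, so a cert, CSR and key can be matched up.
def spki_fingerprint(key)
  der = key.respond_to?(:public_to_der) ? key.public_to_der : key.public_key.to_der
  OpenSSL::Digest.new('SHA256').hexdigest(der)
end

# Classify one PEM blob; returns a hash of fields, or nil when nothing parses.
def inspect_pem(pem)
  begin
    c = OpenSSL::X509::Certificate.new(pem)
    return { kind: :certificate, subject: c.subject.to_s, issuer: c.issuer.to_s,
             serial: c.serial.to_i, self_signed: c.verify(c.public_key),
             spki: spki_fingerprint(c.public_key) }
  rescue OpenSSL::OpenSSLError
  end
  begin
    r = OpenSSL::X509::Request.new(pem)
    return { kind: :request, subject: r.subject.to_s, spki: spki_fingerprint(r.public_key) }
  rescue OpenSSL::OpenSSLError
  end
  begin
    k = OpenSSL::PKey.read(pem, '') # empty passphrase: never prompt on encrypted keys
    priv = k.respond_to?(:private?) && k.private?
    { kind: priv ? :private_key : :public_key, spki: spki_fingerprint(k) }
  rescue OpenSSL::OpenSSLError
    nil # the case cert_inspector reports as "could not be interpreted"
  end
end

# Constructed sample material: a throwaway RSA key and example names, built in memory.
def build_samples
  key = OpenSSL::PKey::RSA.new(2048)
  digest = OpenSSL::Digest.new('SHA256')
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Example CA: ca.example.test')
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, digest)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.parse('/CN=agent.example.test')
  csr.public_key = key
  csr.sign(key, digest)
  { 'certs/ca.pem' => cert.to_pem, 'certificate_requests/agent.pem' => csr.to_pem,
    'private_keys/agent.pem' => key.to_pem, 'public_keys/agent.pem' => key.public_key.to_pem,
    'notes.txt' => 'not a PEM object' }
end
```

Calling `inspect_pem(File.read(path))` for each file under an ssl directory gives the same fields for real material; equal `spki` values mean the files carry the same key pair.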
