diff --git a/lib/puppet/util/command_line/puppetca b/lib/puppet/util/command_line/puppetca index 9aa7e907c..317d99881 100755 --- a/lib/puppet/util/command_line/puppetca +++ b/lib/puppet/util/command_line/puppetca @@ -1,110 +1,110 @@ #!/usr/bin/env ruby # # = Synopsis # # Stand-alone certificate authority. Capable of generating certificates # but mostly meant for signing certificate requests from puppet clients. # # = Usage # # puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] # [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] # [-p|--print] [-c|--clean] [--verify] [--digest DIGEST] # [--fingerprint] [host] # # = Description # # Because the puppetmasterd daemon defaults to not signing client certificate # requests, this script is available for signing outstanding requests. It # can be used to list outstanding requests and then either sign them individually # or sign all of them. # # = Options # # Note that any configuration parameter that's valid in the configuration file # is also a valid long argument. For example, 'ssldir' is a valid configuration # parameter, so you can specify '--ssldir ' as an argument. # # See the configuration file documentation at -# http://reductivelabs.com/projects/puppet/reference/configref.html for +# http://docs.puppetlabs.com/references/stable/configuration.html for # the full list of acceptable parameters. A commented list of all # configuration options can also be generated by running puppet cert with # '--genconfig'. # # all:: # Operate on all items. Currently only makes sense with '--sign', # '--clean', or '--list'. # # digest:: # Set the digest for fingerprinting (defaults to md5). Valid values depends # on your openssl and openssl ruby extension version, but should contain at # least md5, sha1, md2, sha256. # # clean:: # Remove all files related to a host from puppet cert's storage. This is # useful when rebuilding hosts, since new certificate signing requests # will only be honored if puppet cert does not have a copy of a signed -# certificate for that host. The certificate of the host remains valid. +# certificate for that host. The certificate of the host is also revoked. # If '--all' is specified then all host certificates, both signed and # unsigned, will be removed. # # debug:: # Enable full debugging. # # generate:: # Generate a certificate for a named client. A certificate/keypair will be # generated for each client named on the command line. # # help:: # Print this help message # # list:: # List outstanding certificate requests. If '--all' is specified, # signed certificates are also listed, prefixed by '+', and revoked # or invalid certificates are prefixed by '-' (the verification outcome # is printed in parenthesis). # # print:: # Print the full-text version of a host's certificate. # # fingerprint:: # Print the DIGEST (defaults to md5) fingerprint of a host's certificate. # # revoke:: # Revoke the certificate of a client. The certificate can be specified # either by its serial number, given as a decimal number or a hexadecimal # number prefixed by '0x', or by its hostname. The certificate is revoked # by adding it to the Certificate Revocation List given by the 'cacrl' # config parameter. Note that the puppetmasterd needs to be restarted # after revoking certificates. # # sign:: # Sign an outstanding certificate request. Unless '--all' is specified, # hosts must be listed after all flags. # # verbose:: # Enable verbosity. # # version:: # Print the puppet version number and exit. # # verify:: # Verify the named certificate against the local CA certificate. # # = Example # # $ puppet cert -l # culain.madstop.com # $ puppet cert -s culain.madstop.com # # = Author # # Luke Kanies # # = Copyright # # Copyright (c) 2005 Puppet Labs, LLC # Licensed under the GNU Public License #Puppet::Application[:cert].run