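# Install OpenSSL.
#
class ssl::openssl {

  package { 'openssl':
    ensure => installed,
  }

}

# Create self-signed certificate.
#
# Runs "openssl req -x509" once to generate an RSA key pair and a
# self-signed certificate for it.
#
# Security notes:
#
#   * The private key is written unencrypted (-nodes). The command runs
#     under umask 077, so both output files are created without any group
#     or other permissions; a service running as a different user will
#     need the certificate (not the key) made readable separately.
#   * A self-signed certificate is not vouched for by any CA; clients have
#     to pin or explicitly trust it.
#   * All parameters end up on a shell command line. They must come from
#     trusted manifest data; values containing quotes, backticks or "$"
#     are rejected at compile time.
#
# === Parameters:
#
#   $key:
#       Key output file.
#   $crt:
#       Certificate output file.
#   $days:
#       Validity in days, defaults to 3650.
#   $keysize:
#       RSA key size, defaults to 2048.
#   $subject:
#       Subject, defaults to "/CN=${name}".
#
define ssl::certificate($key, $crt, $days="3650", $keysize="2048", $subject="") {

  include ssl::openssl

  if $subject {
    $subject_real = $subject
  } else {
    $subject_real = "/CN=${name}"
  }

  # $days and $keysize are placed unquoted on the command line, so accept
  # digits only. Interpolating first lets integer and string values both
  # go through the regex match.
  if "${days}" !~ /\A[0-9]+\z/ {
    fail("ssl::certificate[${name}]: days must consist of digits only")
  }
  if "${keysize}" !~ /\A[0-9]+\z/ {
    fail("ssl::certificate[${name}]: keysize must consist of digits only")
  }

  # The remaining values are wrapped in double quotes inside a
  # single-quoted sh -c argument; these characters would end the quoting
  # or trigger shell expansion, so refuse them instead of running a
  # mangled command.
  if "${key}${crt}${subject_real}" =~ /['"`$]/ {
    fail("ssl::certificate[${name}]: key, crt and subject must not contain quotes, backticks or dollar signs")
  }

  exec { "openssl-req-${name}":
    path    => '/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin',
    # -sha256 names the signature digest explicitly rather than relying on
    # the installed OpenSSL's default, which on older releases may be a
    # deprecated one. Paths are quoted so that names with spaces work.
    command => "/bin/sh -c 'umask 077 ; openssl req -x509 -nodes -sha256 -days ${days} -newkey rsa:${keysize} -subj \"${subject_real}\" -keyout \"${key}\" -out \"${crt}\"'",
    # NOTE(review): with a list, Puppet appears to skip the command as soon
    # as any one of these paths exists - confirm. A key or certificate left
    # behind on its own would then not be regenerated.
    creates => [ "${key}", "${crt}" ],
    # "include" alone does not order resources; make sure the openssl
    # package is installed before the command runs.
    require => Class['ssl::openssl'],
  }

}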