This cookbook provides a LWRP for managing Mozilla NSS Certificate databaes.
A nss_tools_certdb resource block manages a named entry in a Mozilla Certificate database. The full syntax for all of the properties that are available to the nss_tools_certdb:
nss_tools_certdb 'name' do
ca String, Array
crt String
dbprefix String
der String
directory String
key String
name String
notifies # see description
subscribes # see description
action Symbol # defaults to :update
endwhere
nameis the name of the entry in the database (-n)directoryis the directory of the database (-d), default:$HOME/.netscapedbprefixis the prefix of the database (see certutil for more info), optionalca,crt,der,key: see "Properties" section below
This resource has the following actions:
:updateDefault. Adds a new entry or checks to see if it is up-to-date with the source.:deleteEnsures that an entry doesn't exist.:nothingDefine this resource block to do nothing until notified by another resource to take action. When this resource is notified, this resource block is either run immediately or it is queued up to be run at the end of the chef-client run.
This resource has different properties depending on the input type. Input can be certificate / key pairs in PEM or DER format. If both are passed PEM will take priority.
ca(String, Array) (Optional): Path to a PEM encoded CA certificate or CA certificate bundle. Can also be an array of paths.crt(String): Path to a PEM encoded certificate.key(String): Path to a PEM encoded private key.
nss_tools_certdb 'My Certificate' do
directory '/etc/myapp'
dbprefix 'myapp'
ca '/etc/ssl/ca/my-ca.crt'
crt '/etc/ssl/cert/my-cert.crt'
key '/etc/ssl/private/my-cert.key'
notifies :restart, 'service[myapp]', :delayed
endder(String): Path to PKCS12 DER encoded certificate / key (optionally CA) file.
nss_tools_certdb 'My Certificate' do
directory '/etc/myapp'
dbprefix 'myapp'
der '/etc/ssl/my-cert.p12'
notifies :restart, 'service[myapp]', :delayed
endAuthor:: Altiscale, Inc (travis@altiscale.com)
License:: Apache 2.0