External CA

This information describes the supported and tested configurations for external CAs in this version of Puppet. If you have an external CA use case that isn’t listed here, contact Puppet so we can learn more about it.

Supported external CA configurations

This version of Puppet supports some external CA configurations, however not every possible configuration is supported.

We fully support the following setup options:

Single CA which directly issues SSL certificates.
Puppet Server functioning as an intermediate CA.

Fully supported by Puppet means:

If issues arise that are considered bugs, we'll fix them as soon as possible.
If issues arise in any other external CA setup that are considered feature requests, we’ll consider whether to expand our support.