Inside the Secret Sauce Laboratory: Rethinking SSL in Puppet

Puppet 6 made a number of changes to the PKI / certificate layer that fix longstanding problems and add awesome new features.

This will be a technical deep dive into those changes including:

• new intermediate and signing CA support
• improved policy autosigning for cloud auto-scaling
• better revocation and infrastructure crl
• new command line tools
• how to upgrade cleanly and roll new certs without breaking the world

Anyone who’s had to troubleshoot Puppet SSL problems will benefit from learning about these improvements.