- source => "puppet:///modules/ssl/servicecerts/${name}.crt",
- notify => Exec['c_rehash /etc/ssl/debian/certs'],
+ ensure => $ssl_ensure,
+ content => template('ssl/crt.erb'),
+ notify => [ Exec['refresh_debian_hashes'], $notify ],
+ }
+ file { "/etc/ssl/debian/certs/$name.crt-chain":
+ ensure => $ssl_ensure,
+ content => template('ssl/crt-chain.erb'),
+ notify => [ $notify ],
+ links => follow,
+ }
+ file { "/etc/ssl/debian/certs/$name.crt-chained":
+ ensure => $ssl_ensure,
+ content => template('ssl/crt-chained.erb'),
+ notify => [ $notify ],
+ }
+ if $key {
+ file { "/etc/ssl/private/$name.key":
+ ensure => $ssl_ensure,
+ mode => '0440',
+ group => 'ssl-cert',
+ content => template('ssl/key.erb'),
+ notify => [ $notify ],
+ links => follow,
+ }
+
+ file { "/etc/ssl/private/$name.key-certchain":
+ ensure => $ssl_ensure,
+ mode => '0440',
+ group => 'ssl-cert',
+ content => template('ssl/key-chained.erb'),
+ notify => [ $notify ],
+ links => follow,
+ }