2 files changed, 32 insertions, 0 deletions

diff --git a/puppet/modules/site_config/manifests/x509/client_ca/ca.pp b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp
new file mode 100644
index 00000000..3fbafa98
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp
@@ -0,0 +1,16 @@
+class site_config::x509::client_ca::ca {
+
+  ##
+  ## This is for the special CA that is used exclusively for generating
+  ## client certificates by the webapp.
+  ##
+
+  include ::site_config::params
+
+  $x509 = hiera('x509')
+  $cert = $x509['client_ca_cert']
+
+  x509::ca { $site_config::params::client_ca_name:
+    content => $cert
+  }
+}
diff --git a/puppet/modules/site_config/manifests/x509/client_ca/key.pp b/puppet/modules/site_config/manifests/x509/client_ca/key.pp
new file mode 100644
index 00000000..0b537e76
--- /dev/null
+++ b/puppet/modules/site_config/manifests/x509/client_ca/key.pp
@@ -0,0 +1,16 @@
+class site_config::x509::client_ca::key {
+
+  ##
+  ## This is for the special CA that is used exclusively for generating
+  ## client certificates by the webapp.
+  ##
+
+  include ::site_config::params
+
+  $x509 = hiera('x509')
+  $key  = $x509['client_ca_key']
+
+  x509::key { $site_config::params::client_ca_name:
+    content => $key
+  }
+}