Welcome to pulp-certguard’s documentation!¶
pulp_certguard plugin for pulpcore 3.0+ can cause
Pulp to refuse to serve content, e.g. rpms, Ansible Collections, etc, unless clients present a
valid certificate when they fetch content.
Company Foo only wants to serve rpms to customers who have paid, and they use Pulp 3.0+ to store rpms for their customers. When a customer pays through, e.g. June 30, 2023, Company Foo generates the customer a certificate signed by the certificate authority of Company Foo with an expiration date of June 30, 2023. Company Foo also does the following:
- Creates either a X.509 or RHSM Cert Guard offered by this plugin, configured with the Certificate Authority Certificate used to sign the customer certificates.
- Configures one or more Pulp Distributions which serving rpm repositories to be protected by the X.509 or RHSM Cert Guard they created
- Reverse Proxy Config
- REST API
- Configure yum/dnf