openvox_8x: fix commands verified against openvoxserver-ca source

- Replace nonexistent `puppetserver ca print` with `puppet ssl show`
  (ssl_attributes_extensions, config_file_oid_map); no print action
  exists in openvoxserver-ca 3.2.0 (current release)
- Remove stale OID-mapping limitation bullet: puppet ssl show loads
  the custom OID file and registers names with OpenSSL, so mapped
  names do appear in its output
- Replace remaining `puppet cert` references in http_certificate_status
  HTTP API reference with puppetserver ca equivalents

All other new commands (ssl clean --localca, puppetserver ca setup,
sign/clean/generate --certname, generate --subject-alt-names,
list --all) verified against openvoxserver-ca 3.2.0 source.

Part of OpenVoxProject#221

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Michael Harp <mike@mikeharp.com>

Author: miharp

docs/_openvox_8x/config_file_oid_map.md

@@ -5,7 +5,6 @@ title: "Config files: custom_trusted_oid_mapping.yaml"
 
 [extensions]: ./ssl_attributes_extensions.html
 [mapping_setting]: ./configuration.html#trustedoidmappingfile
-[pup-4617]: https://tickets.puppetlabs.com/browse/PUP-4617
 [csr_attributes]: ./config_file_csr_attributes.html
 [trusted]: ./lang_facts_and_builtin_vars.html#trusted-facts
 [registered]: ./ssl_attributes_extensions.html#puppet-specific-registered-ids
@@ -33,7 +32,6 @@ For more info, see:
 Mapping OIDs in this file _only_ affects the keys in the `$trusted[extensions]` hash. It does not affect:
 
 * What an agent can request in its `csr_attributes.yaml` file --- anything but Puppet-specific registered extensions must still be numerical OIDs.
-* What you see when you run `puppetserver ca print` --- mapped extensions will still be displayed as numerical OIDs. (Improving cert display is planned as [PUP-4617][].)
 
 ## Location
 

docs/_openvox_8x/http_api/http_certificate_status.md

@@ -22,17 +22,17 @@ Find
     GET /puppet-ca/v1/certificate_status/:certname?environment=:environment
     Accept: application/json, text/pson
 
-Retrieve information about the specified certificate. Similar to `puppet
-cert --list :certname`.
+Retrieve information about the specified certificate. Similar to `puppetserver
+ca list --certname :certname`.
 
 Search
 -----
 
     GET /puppet-ca/v1/certificate_statuses/:any_key?environment=:environment
     Accept: application/json, text/pson
 
-Retrieve information about all known certificates. Similar to `puppet
-cert --list --all`. A key is required but is ignored.
+Retrieve information about all known certificates. Similar to `puppetserver
+ca list --all`. A key is required but is ignored.
 
 Save
 ----
@@ -43,9 +43,9 @@ Save
 Change the status of the specified certificate. The desired state
 is sent in the body of the PUT request as a one-item PSON hash; the two
 allowed complete hashes are `{"desired_state":"signed"}` (for signing a
-certificate signing request; similar to `puppet cert --sign`) and
+certificate signing request; similar to `puppetserver ca sign`) and
 `{"desired_state":"revoked"}` (for revoking a certificate; similar to
-`puppet cert --revoke`).
+`puppetserver ca revoke`).
 
 Note that revoking a certificate will not clean up other info about the
 host - see the DELETE request for more information.
@@ -59,7 +59,7 @@ Delete
 Cause the certificate authority to discard all SSL information regarding
 a host (including any certificates, certificate requests, and keys).
 This does not revoke the certificate if one is present; if you wish to
-emulate the behavior of `puppet cert --clean`, you must PUT a
+emulate the behavior of `puppetserver ca clean`, you must PUT a
 `desired_state` of `revoked` before deleting the host’s SSL information.
 
 If the deletion was successful, it returns a string listing the deleted

docs/_openvox_8x/ssl_attributes_extensions.markdown

@@ -111,7 +111,7 @@ Visibility of extensions is somewhat limited:
 * The `puppetserver ca list` command _does not_ display custom attributes for any pending CSRs, and
   [basic autosigning (autosign.conf)][autosign_basic] doesn't check them before signing. Either use
   [policy-based autosigning][autosign_policy] or inspect CSRs manually with the `openssl` command (see below).
-* The `puppetserver ca print` command _does_ display any extensions in a signed certificate, under the "X509v3 extensions" section.
+* The `puppet ssl show` command displays any extensions in the local node's signed certificate, under the "X509v3 extensions" section.
 
 Puppet's authorization system (`auth.conf`) does not use certificate extensions, but [Puppet Server's authorization system](/puppetserver/latest/config_file_auth.html), which is based on `trapperkeeper-authorization`, can use extensions in the ppAuthCertExt OID range, and requires them for requests to write access rules.
 
@@ -143,9 +143,9 @@ Note that every extension is preceded by any combination of two characters (`.$`
 
 Any Puppet-specific OIDs (see below) appear as numeric strings when using OpenSSL.
 
-You can check for extensions in a signed certificate by running `puppetserver ca print --certname <name>`.
-In the output, look for the "X509v3 extensions" section. Any of the Puppet-specific registered OIDs
-(see below) appear as their descriptive names:
+You can check for extensions in a signed certificate by running `puppet ssl show` on the agent node
+that holds the certificate. In the output, look for the "X509v3 extensions" section. Any of the
+Puppet-specific registered OIDs (see below) appear as their descriptive names:
 
 ```
 X509v3 extensions: