Has anyone attempted to get openvpn to work with puppets certificates? I am thinking that it should work without to much fuss. My current openvpn implementation uses the following certificates and beside these are what i think would be the appropriate puppet ones. openvpn server: ca /etc/openvpn/ca.crt -> /var/lib/puppet/ssl/certs/ca.pem cert /etc/openvpn/fqdn.crt -> /var/lib/puppet/ssl/certs/fqdn.pem key /etc/openvpn/fqdn.key -> /var/lib/puppet/ssl/private_keys/fqdn.pem tls-auth /etc/openvpn/ta.key 0 -> no equivalent ( use openssl to generate ) openvpn client: ca /etc/openvpn/ca.crt -> /var/lib/puppet/ssl/certs/ca.pem cert /etc/openvpn/fqdn.crt -> /var/lib/puppet/ssl/certs/fqdn.pem key /etc/openvpn/fqdn.key -> /var/lib/puppet/ssl/private_keys/fqdn.pem tls-auth /etc/openvpn/ta.key 1 -> no equivalent ( use the one generated on the server ) I am going to give this a try later but would like to know if anyone has any thoughts on it. Ben --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ben wrote:> Has anyone attempted to get openvpn to work with puppets certificates? >You shouldn''t have any issues. Puppet uses standard OpenSSL. A recipe showing your configuration for the wiki would be great though. *hint*. Regards James Turnbull - -- Author of: * Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/) * Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) * Hardening Linux (http://www.amazon.com/gp/product/1590594444/) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJIoJT9hTGvAxC30ARAmBAAJ4+kf5am9OGp+zsRnLi8reIl6W+iACgoxbM SV8D8bJyiNW/FNujmccgOY0=izhZ -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Maybe Matching Threads
- Puppetca issue - not working
- puppetca unable to sign new certs - Invalid argument error
- Changing the puppetca CA password
- Could not call puppetca.getcert: #<Errno::EHOSTUNREACH: No route to host
- puppetca trouble (The certificate retrieved from the master does not match the agent's private key)