Dan White
2011-Dec-22 13:27 UTC
[Puppet Users] Puppet Master''s Certificate Authority - how might I use it for other than just puppet ?
First, some background to show how I got to this question. The particular idea I have is to use it for rsyslog certificates. I was planning to use the process described [1]here to run a CA on the puppet master machine, and then use puppet to distribute/maintain the certificates. The process shows the log server to be a separate machine from the CA, which works for me as I need at least two log servers and I do not want the puppet master to be one of them. The topic of running puppet standalone came up in discussion, and I found [2]this thread on the mailing list. One of the arguements for masterless puppet was security, so I Googled "puppet secure" and found [3]this page which notes that puppet uses SSL encryption for all traffic AND has a built-in CA ! So the question becomes: How might I use puppetca to make both the client and server certificates for an rsyslog configuration ? [1] http://rsyslog.com/doc/tls_cert_ca.html [2] http://www.mail-archive.com/puppet-users@googlegroups.com/msg18429.html [3] http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.