Laurence Lenberg
2012-Jul-19 15:07 UTC
[Puppet Users] auto generate client certificates for deployment installation solution
Dear all,

I'm looking for a solution which manages generation and installation of client certificates. This is required because we have a lot of re-installations, so we want to reuse already in place certificates. For security it is sufficient for the host to be part of our-domain.com

The solution that comes closest to this requirement is this
http://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CFcQFjAA&url=http%3A%2F%2Fpuppet-manifest-share.googlecode.com%2Ffiles%2Fpuppet_certificate.pdf&ei=th4IUK__FMTZtAaxqdSYAw&usg=AFQjCNFinQKIAjCpcpltaq1ST01rjYb3xA
by http://code.google.com/u/huangmingyou/
but I haven't heard of anyone using it. Has anyone tried this out yet or has a similar setup or solution? Are the scripts gen_cert_tgz.sh and gen_agent_cert.sh described in the document available for download somewhere else?

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/fqQDMooPpDgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2012-Jul-20 12:17 UTC
Re: [Puppet Users] auto generate client certificates for deployment installation solution
Hi,

On 07/19/2012 05:07 PM, Laurence Lenberg wrote:
> I'm looking for a solution which manages generation and installation of
> client certificates. This is required because we have a lot of re-installations,
> so we want to reuse already in place certificates. For security it is
> sufficient for the host to be part of our-domain.com
>
> The solution that comes closest to this requirement is this
> http://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CFcQFjAA&url=http%3A%2F%2Fpuppet-manifest-share.googlecode.com%2Ffiles%2Fpuppet_certificate.pdf&ei=th4IUK__FMTZtAaxqdSYAw&usg=AFQjCNFinQKIAjCpcpltaq1ST01rjYb3xA
> by http://code.google.com/u/huangmingyou/
> but I haven't heard of anyone using it. Has anyone tried this out yet or
> has a similar setup or solution? Are the scripts gen_cert_tgz.sh and
> gen_agent_cert.sh described in the document available for download
> somewhere else?

Does not compute. A quick glance at the linked document suggests it's a description of the normal way puppet certificates are handled. Please point out what you perceive as a possible solution to your problem.

Reusing certificates is no problem, provided you set up an infrastructure that
- stores certificates
- includes those certificates to your machines during provisioning

I.e., during re-installation of the OS, the signed cert is transferred to the machine somehow. If you manage to do that in a secure manner, you should be all set.

HTH,
Felix
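
The checks a provisioning step could run before putting a stored certificate back in place, as an added example that is not part of the original thread or of either poster's setup. The function name, the bundle layout (cert.pem, key.pem, ca.pem) and the return codes are assumptions; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: checks to run before a stored agent cert is put back in place.
# Assumed (not from the thread): function name, bundle layout, return codes.
# The default ssldir below is an assumption; pass your agent's ssldir as $3.

restore_agent_cert() {
    bundle=$1                          # dir with cert.pem, key.pem, ca.pem
    certname=$2                        # FQDN the host is being provisioned as
    ssldir=${3:-/var/lib/puppet/ssl}

    for f in cert.pem key.pem ca.pem; do
        [ -s "$bundle/$f" ] || { echo "missing $f" >&2; return 1; }
    done

    # 1. The certificate must chain to the Puppet CA we expect.
    openssl verify -CAfile "$bundle/ca.pem" "$bundle/cert.pem" >/dev/null 2>&1 ||
        { echo "certificate not issued by expected CA" >&2; return 2; }

    # 2. It must have been issued for this host, not another one in the store.
    subject=$(openssl x509 -in "$bundle/cert.pem" -noout -subject -nameopt RFC2253) ||
        return 3
    cn=${subject##*CN=}; cn=${cn%%,*}
    [ "$cn" = "$certname" ] ||
        { echo "certificate is for '$cn', not '$certname'" >&2; return 3; }

    # 3. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$bundle/cert.pem" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$bundle/key.pem" -pubout 2>/dev/null) ||
        { echo "unreadable private key" >&2; return 4; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 4; }

    # 4. Install with the key readable by its owner only.
    (
        umask 077
        mkdir -p "$ssldir/certs" "$ssldir/private_keys" &&
        cp "$bundle/key.pem"  "$ssldir/private_keys/$certname.pem" &&
        chmod 600 "$ssldir/private_keys/$certname.pem" &&
        cp "$bundle/ca.pem"   "$ssldir/certs/ca.pem" &&
        cp "$bundle/cert.pem" "$ssldir/certs/$certname.pem" &&
        chmod 644 "$ssldir/certs/ca.pem" "$ssldir/certs/$certname.pem"
    ) || return 5
}
```

The checks only confirm that the bundle is internally consistent and matches the expected host; how the bundle reaches the machine is a separate question the provisioning setup has to answer.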