janschumann
2012-Aug-05 20:00 UTC
[Puppet Users] wildcard ssl certificates to authenticate multiple agents
Hi!

I wonder if there is the possibility to issue a wildcard certificate to authenticate multiple clients.

We use puppet also to provision our development environments, which are all virtual machines using host-only connectivity through avahi. Therefore they all have a hostname *.local.

It is also possible for the developer to reset the dev box by just destroying the current box and creating a new one from scratch. This would normally lead to the need to sign a new cert request.

I would be happy to deploy a wildcard cert to our base VM-Box with no need to generate a certificate or sign every single dev box.

Disabling cert authentication for all *.local hosts could also be a solution for us.

Any ideas?

Thanks,

Jan Schumann
llowder@oreillyauto.com
2012-Aug-06 13:27 UTC
[Puppet Users] Re: wildcard ssl certificates to authenticate multiple agents
Set up an autosign.conf to have your puppet master automagically sign all .local certificates.

http://docs.puppetlabs.com/guides/configuring.html#autosignconf

On Sunday, August 5, 2012 3:00:49 PM UTC-5, janschumann wrote:
> Hi!
>
> I wonder if there is the possibility to issue a wildcard certificate to authenticate multiple clients.
>
> We use puppet also to provision our development environments, which are all virtual machines using host-only connectivity through avahi. Therefore they all have a hostname *.local.
>
> It is also possible for the developer to reset the dev box by just destroying the current box and creating a new one from scratch. This would normally lead to the need to sign a new cert request.
>
> I would be happy to deploy a wildcard cert to our base VM-Box with no need to generate a certificate or sign every single dev box.
>
> Disabling cert authentication for all *.local hosts could also be a solution for us.
>
> Any ideas?
>
> Thanks,
>
> Jan Schumann
janschumann
2012-Aug-10 06:05 UTC
[Puppet Users] Re: wildcard ssl certificates to authenticate multiple agents
Hi!

I already have an autosign.conf. But I want to authenticate multiple different hosts with one cert.

Thanks.

On Monday, 6 August 2012 15:27:50 UTC+2, llowder wrote:
> Set up an autosign.conf to have your puppet master automagically sign all .local certificates.
>
> http://docs.puppetlabs.com/guides/configuring.html#autosignconf
>
> On Sunday, August 5, 2012 3:00:49 PM UTC-5, janschumann wrote:
>> Hi!
>>
>> I wonder if there is the possibility to issue a wildcard certificate to authenticate multiple clients.
>>
>> We use puppet also to provision our development environments, which are all virtual machines using host-only connectivity through avahi. Therefore they all have a hostname *.local.
>>
>> It is also possible for the developer to reset the dev box by just destroying the current box and creating a new one from scratch. This would normally lead to the need to sign a new cert request.
>>
>> I would be happy to deploy a wildcard cert to our base VM-Box with no need to generate a certificate or sign every single dev box.
>>
>> Disabling cert authentication for all *.local hosts could also be a solution for us.
>>
>> Any ideas?
>>
>> Thanks,
>>
>> Jan Schumann