Domenick Petrella
2013-Aug-17 12:01 UTC
[Puppet Users] Distributing certificates with external ca
Hey folks, We''re looking at using puppet 3.latest with an external ca. Since the internal puppetmaster ca, and therefore the certificate distribution mechanism, needs to be disabled, we''re brainstorming on how to generate and distribute the certs. We''re pushing toward self-service provisioning, so want this to be as hands-off as possible. The answer seems to be "use whatever puts puppet on there in the first place," which in our case is spacewalk, for the most part. And then there is generating the cert in the first place. We thought of using a standalone puppetmaster with the external ca cert, only used for signing, so we could just do a `puppet cert --generate <hostname>` during the provisioning process. But, I''m curious to hear how other people are handling this. Thanks! -Domenick -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.