Don Jackson wrote:
> I believe that the following paragraph from the wiki is at best not
> clear about this, if not downright incomplete:
>
> Master-Side Client Certificate Generation
> It's possible to generate certificates for clients on the master
> side, by using puppetca --generate <hostname>; this will also sign
> the newly generated certificate. You might want to do this if you
> want to automate the conversion of non-Puppet managed servers to
> Puppet. You can run a script that copies the generated client keys
> to the right place on the client, installs Puppet and then
> runs puppetd to get the client's configuration. This would allow you
> to "Puppetize" a server with a single command. When you run puppetca
> --generate <hostname> three files are generated
> - $signeddir/hostname.pem, $certdir/hostname.pem and
> $privatekeydir/hostname.pem.
> You need to copy the private key and certificate to the
> corresponding directories on the client side. The client public key
> will be extracted from its certificate and put
> into $publickeydir when puppetd is run. The defaults for these
> directories should be subdirectories under /etc/puppet/ssl/ with
> self-explanatory names, look there to find the generated files.
>
>
> http://www.reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity
>
> I propose that the above paragraph be augmented to include the
> requirement that the ca.pem be transferred from the master to the client...
>

Don

The wiki is open. Please feel free to update the section.

Regards

James Turnbull

--
Author of:
* Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux (http://www.amazon.com/gp/product/1590594444/)
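A consistency check for the three files discussed in this thread (client certificate, client private key, and the master's ca.pem), run before they are copied to a client. This is an added example, not part of the original messages and not Puppet's own code. The function names, hostnames and the throwaway in-memory CA are constructed for illustration; only Ruby's standard openssl library is used.

```ruby
require "openssl"

# Returns a list of problems with a staged client bundle (empty = consistent).
# Inputs are PEM strings: the client certificate, the client private key, and
# the master's CA certificate (the ca.pem this thread says must also be copied).
def bundle_problems(cert_pem, key_pem, ca_pem, hostname)
  if ca_pem.nil? || ca_pem.empty?
    return ["ca.pem missing: client cannot verify the master"]
  end
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  ca   = OpenSSL::X509::Certificate.new(ca_pem)
  problems = []
  problems << "private key does not match certificate" unless cert.check_private_key(key)
  problems << "certificate not signed by this CA" unless cert.verify(ca.public_key)
  cn = cert.subject.to_a.find { |field, _value, _type| field == "CN" }
  problems << "certificate CN is not #{hostname}" unless cn && cn[1] == hostname
  now = Time.now
  if now < cert.not_before || now > cert.not_after
    problems << "certificate outside its validity period"
  end
  problems
end

# Constructed sample data: builds a short-lived certificate in memory.
# With issuer_cert nil the certificate is self-signed (used for the test CA).
def make_cert(cn, key, issuer_cert, issuer_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1 + rand(1 << 32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

CA_KEY    = OpenSSL::PKey::RSA.new(2048)
CA_CERT   = make_cert("constructed-ca", CA_KEY, nil, CA_KEY)
HOST_KEY  = OpenSSL::PKey::RSA.new(2048)
HOST_CERT = make_cert("client.example.com", HOST_KEY, CA_CERT, CA_KEY)

# A complete bundle, then the same bundle with ca.pem left behind.
p bundle_problems(HOST_CERT.to_pem, HOST_KEY.to_pem, CA_CERT.to_pem, "client.example.com")
p bundle_problems(HOST_CERT.to_pem, HOST_KEY.to_pem, nil, "client.example.com")
```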