You will have to re-sign them.. that's kind of central to the idea of a CA.
Also, can you LINK your wiki pages above? On Dec 10, 7:06 pm, Don Jackson <[EMAIL PROTECTED] communications.com> wrote: > Hi, > > I've learned how to generate client certs on the master, and > distribute them to the client machine as part of the OS install > process, and added my learnings to the wiki, > see: > > startup questions - Puppet Users | Google Groups > and > Certificates And Security - puppet - Trac > > Now, I need to figure out how to build a new puppetmaster, and > transfer all the certs from the previous puppetmaster to the new one. > The server that the new puppetmaster runs on will have a different > hostname than the old puppetmaster server. > > Is this possible? > > How can I prevent the first puppetmaster from encoding its hostname in > the certs? I just want the puppetmaster and clients to > think they are talking to [EMAIL PROTECTED], and I'll make sure there is a > CNAME in my DNS so that this resolves to whatever machine is running > the puppetmaster. > > What are the important files to transfer in /etc/puppet/ca ? > > FYI, I am using version 0.24.4 > > Any advice appreciated.... > > Don --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
