> the puppet masters cert and CA needs to contain the public FQDN as well. > use certnames (see ConfigurationReference [1]) to include both domains, > local and public. This will mean that you need to regenerate the certs, > as well to resign all clients.
Thanks again, it worked just fine. BTW, there is a typo, the required configuration option is called 'certdnsnames'. Here is what I did: 1) added 'certdnsnames' to the [puppetmasterd] section of the puppet.conf, something like this: certdnsnames = host1:host2 2) stopped master and clients on all hosts 3) moved $ssldir to $ssldir.bak on all hosts(in case it was /var/lib/puppet/ssl) 4) restarted master and clients on all hosts 5) using puppetca signed all clients again -- Best regards, Pavel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
