There are a few very good SSL recipe wiki pages - one of them that I wrote about SSL authentication chains - http://reductivelabs.com/trac/puppet/wiki/PuppetScalability under the section Centralized Puppet Infrastructure.
Ohad

On Tue, Nov 24, 2009 at 5:05 AM, Peter Meier <peter.me...@immerda.ch> wrote:

> Hi
>
> > 1. Start the production puppet master as usual. This will be your CA.
> > 2. In your development puppet master, set ca = false and ca_server =
> > production.hostname in puppet.conf in the puppetmasterd section. Also
> > set server = production.hostname in the puppetd section.
> > 3. In your development puppet master, run puppetd first! This is
> > needed to generate the certificates and request the CA to sign them.
> > If you start puppetmasterd first it will fail.
> > 4. Sign the development puppet master certificate on your production
> > puppet master or set autosign.
> > 5. Once the certificate is signed, re-run puppetd to verify.
> > 6. Start the development puppet master.
> > 7. In your development clients, set ca_server = production.hostname to
> > have the production puppet master sign their certificates since it's
> > your only CA.
>
> would be awesome if you could document that on the wiki.
>
> cheers pete

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
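
The quoted steps written out as puppet.conf fragments, one per host role. This is an added example, not taken from the thread or the wiki page; the file path, the `development.hostname` placeholder and the clients' `server` line are assumptions, while `production.hostname` is the name used in the steps.

```ini
# Three separate files are shown; each host has its own puppet.conf
# (/etc/puppet/puppet.conf is assumed here).

# ---- 1. Development puppet master ----
[puppetmasterd]
    # Step 2: do not run a CA here; the production master is the only CA.
    ca = false
    ca_server = production.hostname

[puppetd]
    # Step 2: the dev master's own agent points at production, so that
    # running puppetd first (step 3) generates the key pair and submits
    # the certificate request to the production CA.
    server = production.hostname

# ---- 2. Development clients ----
[puppetd]
    # Assumption: clients fetch their configuration from the development
    # master (placeholder hostname) ...
    server = development.hostname
    # ... while step 7 sends their certificate requests to production.
    ca_server = production.hostname

# ---- 3. Production puppet master (the CA) ----
[puppetmasterd]
    # Step 4 allows either signing by hand or autosign. With
    # autosign = true the CA signs every request that reaches it, so any
    # host able to connect obtains a certificate trusted by both masters.
    # Leaving it off keeps each request under manual review.
    autosign = false
```

With this layout every certificate, including the development master's, chains to the production CA, so access to the production master's signing function decides which hosts either environment will trust.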