On 1/27/10 5:03 PM, Eric Sorenson wrote:
Ultimately I gave up, like Paul L's thread "SSL Makes My Brain Bleed", my brain bled too and I ended up following his hard-fought wisdom from

http://groups.google.com/group/puppet-users/msg/89b75ebe91c5985b

I.e. set up one host to be the CA, set ca=false on the other puppetmasters, and use puppetd --ca_server=puppetca on initial run to point the clients at it.  I sort of feel like I should have done this last week and saved much tooth-gnashing.


This is what I did and it Just Works(tm). I set ca_server in puppet.conf on clients, though.

The only annoying part is that if I ever revoke something, I have to distribute the CRL to my puppetmasters. Oh well.

-scott
