-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> * did I mention ssl? >> > I think you did!
Well I think this point is/was anyway obvious, unfortunately. SSL Certs can be get complicated and they are very strict. But this is how they work and it is good that they work that way. And that's exactly why Luke (dunno who else was involved at that time) built puppetca and I remember you et. al. doing certmaster for the same reasons. Unfortunately there are still some corner points missing. But I think another 50-90% (?) of them might be nailed down having something like puppetcheck present. So what's left would be some very exotic cases. I have to admit that I never encountered any serious problems. But people in IRC support a lot of people having problems and as SSL is a central part it can get very frustrating if you don't get immediately some test manifests running on your master/client setup. People even asked/suggested that it might be nice to have something like a non-ssl way to communicate with the puppetmaster. But I don't think that this is an idea that should be considered at all; at least I like it to know that there is no possibility at all that my manifests could be transported un- or only weak-encrypted. Ok, I didn't want to look it like another SSL rant, so I thought to add a few more words than only SSL ;) cheers pete -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktor1wACgkQbwltcAfKi38ovQCdGWYL179qSgEGRpB+bdPuNfcs M+0An3WH+sEfrI1NeB3w+REEIwP+HM1x =6s6a -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
