On Mon, Oct 4, 2010 at 7:17 PM, Nan Liu <n...@puppetlabs.com> wrote: > Correction. The puppet agent fetches the CA cert and it verifies the > puppet master cert is signed by the CA cert. If not, the agent will > not communicate with puppet master due to a cert mismatch.
Thanks a lot Nan. I think I have just one more clarification to ask... Where does the client fetch the CA cert from and how often? I guess I'll feel all safe if the fetching happens during the initial setup phase of a new client, and it keeps it locally from that point on. Thanks, Mohamed. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
