On Fri, Oct 29, 2010 at 08:48:22AM -0700, Dan Bode wrote: > On Thu, Oct 28, 2010 at 5:41 PM, Jay Adkisson <j4yf...@gmail.com> wrote: > > > Hey all, > > > > I need to move my puppet master to a different host with a different > > hostname. Is there a fancy way to do this that doesn't involve manually > > going to each client and cleaning the certificates? > > > > the only thing you need to move is the ca directory. > > ssldir/ca > > then you can regenerate a new master SSL certificate from that CA. As long > as the certificate is signed by the same CA which the clients already trust > it will work without having to touch the clients.
If you were careful when creating the original certificate, you won't even have to generate a new cert. I always give the puppetmaster in any domain a CNAME or A record of puppet.<insert domain name here>, whatever it's own name. I then set certname and certdnsnames in the puppetmaster config and start it up - a certificate with the right CN will be created. -- Bruce Get thee behind me, Stan: for it is written, thou hast gotten me into another fine mess. -- Oliver 4:8 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
