I am struggling with using multiple puppet CAs. I think I am missing information about which files are used for which purposes by different parts of puppetmasterd, puppetd, puppetca, and the apache/passenger frontend.
I have an old puppetmaster (and CA), which signed certificates for old clients. I want to add a new puppetmaster (and CA) and let it sign certificates for new clients. I want any client (old or new) to be able to work with any master (old or new). I would prefer not to have to set up a centralised CA hierarchy; the self-signed CA certificates would be good enough if I could just figure out how to combine them into usable bundles.

It seems to me that I should be able to take the $ssldir/ca/ca_crt.pem files from the two puppetmasters, concatenate them to create a ca-bundle.pem file, and place the bundle in some suitable place where any client or server can use the bundle to verify certificates from any CA. I haven't been able to figure out where that suitable place is. Help?

--apb (Alan Barrett)
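An added example (not part of the original post, and not Puppet's own tooling) of the bundle idea described above, using the openssl command line: two constructed self-signed CAs each sign one client certificate, and each certificate is checked against either CA alone and against the concatenated bundle. The directory layout, CNs and client names are constructed for the demonstration; where Puppet itself would read such a bundle is the open question of the post and is not covered here.

```shell
#!/bin/sh
# Added example: throwaway constructed CAs, not a real Puppet ssldir.

# make_ca DIR CN: self-signed CA written to DIR/ca_crt.pem and DIR/ca_key.pem
make_ca() {
    mkdir -p "$1"
    printf '[req]\nprompt=no\ndistinguished_name=dn\nx509_extensions=ca_ext\n[dn]\nCN=%s\n[ca_ext]\nbasicConstraints=critical,CA:TRUE\n' "$2" > "$1/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -keyout "$1/ca_key.pem" -out "$1/ca_crt.pem" 2>/dev/null
}

# issue_cert CADIR NAME: certificate for NAME signed by the CA in CADIR
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca_crt.pem" -CAkey "$1/ca_key.pem" \
        -CAcreateserial -days 30 -out "$1/$2.pem" 2>/dev/null
}

# verify_with CAFILE CERT: exit status 0 only if CERT chains to a CA in CAFILE
verify_with() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# build_demo DIR: two independent CAs, one client each, and the combined bundle
build_demo() {
    make_ca "$1/old" "Constructed old CA" && issue_cert "$1/old" oldclient &&
    make_ca "$1/new" "Constructed new CA" && issue_cert "$1/new" newclient &&
    cat "$1/old/ca_crt.pem" "$1/new/ca_crt.pem" > "$1/ca-bundle.pem"
}

# Print the full matrix: each client certificate against each trust file.
demo=$(mktemp -d)
build_demo "$demo"
for cert in old/oldclient.pem new/newclient.pem; do
    for ca in old/ca_crt.pem new/ca_crt.pem ca-bundle.pem; do
        if verify_with "$demo/$ca" "$demo/$cert"; then r=ok; else r=FAIL; fi
        echo "$cert against $ca: $r"
    done
done
rm -rf "$demo"
```

Only the bundle verifies both clients; the same bundle also means a certificate issued by either CA is accepted wherever the bundle is trusted.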