On Nov 29, 2010, at 10:13 AM, Alan Barrett wrote: > On Mon, 29 Nov 2010, Alan Barrett wrote: >> It seems to me that I should be able to take the $ssldir/ca/ca_crt.pem >> files from the two puppetmasters, concatenate them to create a >> ca-bundle.pem file, and place the bundle in some suitable place where >> any client or server can use the bundle to verify certificates from >> any CA. I haven't been able to figure out where that suitable place >> is. Help? > > So, it seems that the puppetd client is doing something different from > the "openssl s_client" command used for testing. What certificate is > the puppetd client attempting to present, and how can I change that?
Run this on the client for the config puppet is using: puppetd --genconfig Technically this won't actually use information passed to the puppet executable using flags what ever starts the service, but this usually doesn't matter. If that is too much information try: puppetd --genconfig | grep host | grep .pem You will probably need to run these as root to get the correct config. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
