On Fri, Jan 28, 2011 at 11:02 AM, Daniel Pittman <dan...@puppetlabs.com> wrote: > On Fri, Jan 28, 2011 at 06:47, Jed <jedbl...@gmail.com> wrote: >> is this possible? > > Probably not usefully to you, no. You might better aim to integrate a > stage into your host build process that will generate the certificate > on the server and allow it to download.
Just to clarify as I've been having this discussion recently, the problem is the wildcard certs. If you wanted to generate individual certs for each client system during your provisioning process and drop it in for puppet to use rather than using puppet as a CA, that should work, right? Also, while it doesn't address the wildcard issue, you might be interested in the link below. It is designed to explain a strategy for using multiple CAs but seems like you could also use this approach to integrate with an existing PKI. http://projects.puppetlabs.com/projects/puppet/wiki/Multiple_Certificate_Authorities KC -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
