Can someone, anyone, help me understand what it takes -- if indeed it's even possible -- to use a custom CA with puppetmasterd, such that, for every client it signs, the cert for that client actually says something meaningful about my organization, and was ultimately signed by our own root CA?
I made a valid sub-CA for my puppet server, signed by my organization's root CA. I placed those files carefully into /var/lib/puppet/ssl/ca and put the necessary path declarations into puppet.conf. Nevertheless, puppetmasterd stubbornly refuses to accept this certificate.

[root@nagios puppet]# /usr/sbin/puppetmasterd --debug --verbose --no-daemonize
debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
debug: /File[/var/lib/puppet/server_data]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/run/puppet/master.pid]: Autorequiring File[/var/run/puppet]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys/puppet.renci.org.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/reports]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/bucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys/puppet.renci.org.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/log/puppet/masterhttp.log]: Autorequiring File[/var/log/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys/puppet.renci.org.pem]/mode: mode changed '640' to '600'
debug: /File[/var/lib/puppet/ssl/public_keys/puppet.renci.org.pem]/mode: mode changed '640' to '644'
debug: Finishing transaction 23846103120600
notice: Starting Puppet master version 2.6.6
Could not run: Could not retrieve certificate for puppet.renci.org and not running on a valid certificate authority