Howdy!
I might suggest starting here:
http://projects.puppetlabs.com/projects/1/wiki/certificates_and_security
It talks a little about setting up a seperate CA - this is pretty
commonly done for HA environments.
As far as pre-generating the client certs without Puppet, I'd have a
look at ssl/host.rb in the source tree to see how it does it. It has
all the logic puppet certificate --generate uses (It seems to call
generate_certificate_request), and then the logic --sign uses which
calls ca.sign. If you look through that code I'm sure you can figure
out the right options to pass openssl to do it.
Jason
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
