Hi,

I concur that cryptographically, there is absolutely no sense in keeping
the signed certificates around.

That being said, I'm not entirely sure that the puppet master will work
after removing them, but I expect it will.

Just give it a shot. You can always move them back in :-)

Cheers,
Felix

On 03/08/2013 05:36 PM, Mason Turner wrote:
> This may be a crazy question, but do we have to keep the generated client 
> certs on the puppetca? What would be the harm in deleting them?
> 
> I ask because we have our puppetca geographically redundant, and we keep the 
> certs synced with our old friend rsync.
> 
> If we didn't even try to store the certs, we wouldn't have to keep them in 
> sync. We could run the CAs active-active. I'm pretty sure puppet-agent and 
> server will continue to work just fine, right?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.