On Monday, May 6, 2013 10:03:15 AM UTC+2, Tomáš Brandýský wrote: > Hello, > > We've been running puppet for 5 years until the last week when the > certificate on the puppet server is expired. > We were looking for a procedure describing how to create a new server > certificate without a need to reconfigure certificates on puppet clients > (about 100 servers) but we couldn't find anything regarding this issue > within puppet's documentation. > Is there any best practice guidance to easily fix the problem when puppet > master certificate is expired ? > > I just discovered that our CA expires next year because of this post, thanks for that :)
Anyway I think the easy way is to setup some autosigning of clients after creating a new CA. Think you will have to clean the ssl-dir on clients for this to work, though. Since we are going to make a brand new puppetmaster here sometime before our CA expires that will be my approach to make the transition smoother. /Nicolai -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
