Hi, signing a new master certificate should not be an issue, as long as it's signed using the same CA certificate as the old one (i.e., a CA that is trusted by all clients).
When the CA certificate expires, it should be quite possible to add a new additional CA to the master and distribute it to all agents. I don't know how the puppet tool chain supports this, though. Cheers, Felix On 12/11/2013 11:44 PM, Reid, Jamie wrote: > Hi All, > > > > Possibly a very simple thing I’m missing, but how do you renew the > Puppet Master’s ssl certificate without breaking the client/master > relationships? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52B62866.7080706%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
