Il 22/dic/2013 00:46 "Felix Frank" <felix.fr...@alumni.tu-berlin.de> ha scritto: > > Hi, > > signing a new master certificate should not be an issue, as long as it's > signed using the same CA certificate as the old one (i.e., a CA that is > trusted by all clients). > > When the CA certificate expires, it should be quite possible to add a > new additional CA to the master and distribute it to all agents. I don't > know how the puppet tool chain supports this, though. > In pki term this is called a Key Rollover. It is a standard ca practice.
Best regards > Cheers, > Felix > > On 12/11/2013 11:44 PM, Reid, Jamie wrote: > > Hi All, > > > > > > > > Possibly a very simple thing I’m missing, but how do you renew the > > Puppet Master’s ssl certificate without breaking the client/master > > relationships? > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52B62866.7080706%40Alumni.TU-Berlin.de . > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAH5b-BUbGRg-9%3DrhACN0f3uYUY13x2rS%2BHWAxXOFQi%2B1JygOTA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
