If you are using SRV records I would recommend just using the fqdn of the server for the certs as it is pretty easy to point the SRV records to that anyway. Then you can even reuse the agent cert as it has the necessary bits to be used as a server cert.
On 18 July 2014 23:27, Paul Seymour <paul.seym...@ig.com> wrote: > Hello, > > Just looking for a little "best practice" advice. > > If I am using DNS SRV records to load-balance and use multiple Puppet > Masters, and CA servers (certificate data is sync'ed) which is the best > recommended way of generating the master certificate ? > > So I set certname in the [master] section and can generate a cert in that > name perhaps - curious to know how people set master CA stuff for hostnames > other than that of the host it running on. > If so do I have to set dns_alt_names or some such for all the possible > "physical" hostnames ? Or just worry about generating one for the certname > setting in the master section of the config ? If so how > would you go about generating a master certificate set for all of those ? > > Thanks > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/e4f858b9-ecc7-4b9b-962f-f7d6554d9f0b%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/e4f858b9-ecc7-4b9b-962f-f7d6554d9f0b%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Erik Dalén -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAAzDLecZOpo81bBsv%3DzPgqmp0-M87OtVwieNXkv3OZoqbajEA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
