Just an addition to the question, can i change the contents of /etc/puppetlabs/puppet/ssl/certs without any issues to the CA that puppetserver creates? Would that be my solution?
On Thursday, March 28, 2019 at 2:37:10 PM UTC-7, Aditya S wrote: > > Hello, > > Is there a way for me to generate a CSR to have a puppetserver signed by > an external CA like Digicert? I wanted to do the following: > > 1. Create two master servers, master1.example.de & master2.example.de and > create a Load Balancer DNS name master.example.de > 2. Generate a CSR for my masters which will signed by Digicert. > 3. Import the thus obtained signed certs to the master and have all the > agents be signed by master1.example.de and sync > the /etc/puppetlabs/puppet/ssl folder to master2.example.de > > I was able to get 1. kinda working by using "server" and "dns_alt_names" > in the puppet.conf and verified it by looking at the actual cert but I > don't know how to compound it with 2 and 3. > > Please let me know how this can be done > > Thanks! > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b10687f1-7ff8-4e7d-9f86-798b15c3b9ac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
