Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-21 Thread spankthespam
Dear Matt, On Wednesday, February 20, 2013 10:39:51 PM UTC, Matt wrote: > > I run an F5 load balancer with SSL termination at the F5 and I don't > need to put the CA cert anywhere except the F5. The actual CA signs > the certs. The CA cert is only really used to authenticate the client > cert. T

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-20 Thread spankthespam
Dear Matt, On Wednesday, February 20, 2013 5:41:11 PM UTC, Matt wrote: > > I think you're trying to overcomplicate the situation here. > > Yes, it's a single point of failure but unfortunately that is not going > to change anytime between now and maybe 6 months. > I am aware of that, and I am fi

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-20 Thread spankthespam
On Wednesday, February 20, 2013 12:58:44 PM UTC, Felix.Frank wrote: > > On 02/20/2013 01:28 PM, spankt...@gmail.com wrote: > > And what would be the purpose of that? That still includes using puppet > > to create CA, and I want to avoid that completely. > > Ah, right. I forgot step 5. Which i

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-20 Thread spankthespam
On Wednesday, February 20, 2013 12:00:07 PM UTC, Felix.Frank wrote: > > On 02/20/2013 12:02 PM, spankt...@gmail.com wrote: > > > > Regardless of how much use it has, it is a spof. Once it's down, whole > > cluster malfunctions. With monolithic CA server down, all clusters are > > malfunctio

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-20 Thread spankthespam
Dear Felix, On Wednesday, February 20, 2013 10:51:50 AM UTC, Felix.Frank wrote: > > On 02/20/2013 11:37 AM, spankt...@gmail.com wrote: > > Incorrect. You *do* want to create new CAs. What about different > > puppetmasters pools? Imagine you and me, we both want a puppetmasters > > setup with

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-20 Thread spankthespam
Dear Felix, On Wednesday, February 20, 2013 9:58:45 AM UTC, Felix.Frank wrote: > > Hi, > > I think I understood your goal well enough, and it's sound in and of > itself, but I believe you have some misconceptions on how to implement > this. > > First off, so we're on the same page: The CA is y

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-20 Thread spankthespam
Thanks Pete, but unfortunately that won't work. The nodes are out of my control, and all I can do is to provide their owners client certs via web gui. In addition to that, I would need multiple CAs, as the clients (and puppetmasters) would be destined for different owners, and they shouldn't s

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-19 Thread spankthespam
Dear Felix, I think you're getting it wrong, let me clarify it a bit. The goal of this is to be able to write a web interface for generating puppetmasters' CAs and client certificates on demand. An example: install 3 puppetmasters with a load balancer in front. Use web interface to generate CA and c

[Puppet Users] Re: How to manually create Puppet CA and client certificates using openssl?

2013-02-18 Thread spankthespam
Bumping - no one knows if it's possible or isn't it possible at all?

[Puppet Users] How to manually create Puppet CA and client certificates using openssl?

2013-02-16 Thread spankthespam
I am wondering how to manually (using openssl instead of puppet cert command) create a CA that would be usable by Puppet? The goal would be to script creation of such CAs to deploy them on multiple puppetmasters, instead of certificates being created on them via puppet cert command. Any ideas