We've had the occasional fat finger in the client certs directory and all
certs being deleted. Everything carried on as usual...
John
On 13 March 2013 20:36, Felix Frank wrote:
Hi,
I concur that cryptographically, there is absolutely no sense in keeping
the signed certificates around.
That being said, I'm not entirely sure that the puppet master will work
after removing them, but I expect it will.
Just give it a shot. You can always move them back in :-)
Cheers,
Felix
This may be a crazy question, but do we have to keep the generated client certs
on the puppetca? What would be the harm in deleting them?
I ask because we have our puppetca geographically redundant, and we keep the
certs synced with our old friend rsync.
If we didn't even try to store the certs