On Apr 24, 11:45 am, Bill Weiss wrote:
> Autosign works, but not as you're expecting: it will sign new
> certificates, but not overwrite existing ones. At least, that's my
> experience here :)
And that's as it should be, else the name of the feature would be
"disable-authentication". Some pe
On Jan 18, 2011, at 6:08 AM, Derek Tracy wrote:
> I think that is the workflow I am going to use, before I kick off the rebuild
> run
>
> puppetca --clean
>
> and keep the in the autosign.conf so when it rebuilds and kicks off
> the puppet service the ca just autosigns the cert. It would
I think that is the workflow I am going to use, before I kick off the
rebuild run
puppetca --clean
and keep the in the autosign.conf so when it rebuilds and kicks off
the puppet service the ca just autosigns the cert. It would be nice to be
able to set a special key/password that the puppet da
one thing to keep in mind is if the server is the same name previously
there will be an issue where you will need to use the puppetca on the
master to clean out the old cert.
On Jan 14, 3:36 pm, Ohad Levy wrote:
> One way would be to enable autosign when you request your kickstart... if
> you ks
Thanks, Luke
That confirms what I was thinking. Not a huge issue, I suspect; for
more immediate purposes, I probably would rather force myself to sign
manually anyway, for now. By the time I am ready to enable
autosigning, we'll probably be umpteen versions newer...
Thanks again!
On Oct 13, 1
On Oct 10, 2008, at 4:05 PM, zoniguana wrote:
>
> Is there a way that I can simply use the hostname, without the domain,
> to get an autosigned cert?
> Alternatively, can I grant access to a block of IPs and have those
> certs autosigned?
> Do I need to add IP/name relations to the hosts file on t
