On 31/03/14 08:48, Spencer Krum wrote:
The puppetmaster doing catalog compilation, puppetmaster-client in your
case, does verify that the client cert is not in the CRL. However, you have
to help it out a bit. For one, you need the puppetmaster-client to get the
most recent CRL from the puppetmaster (the CA server) on a regular basis,
of
On 31/03/14 08:13, Spencer Krum wrote:
When you have a separate server providing the CA service, it is only
contacted when a client first connects. After the client's cert is
signed, the CA server does nothing. Does that make sense?
Yes and no.
Yes - I'm not missing something :)
No - I can't c
When you have a separate server providing the CA service, it is only
contacted when a client first connects. After the client's cert is signed,
the CA server does nothing. Does that make sense?
On Sun, Mar 30, 2014 at 2:07 PM, Chris wrote:
Hi,
Apologies if this appears twice, I couldn't see it show up in the archives.
I've been trying to set up a separate ca server for puppetmaster and
failing. I'm sure I've missed something but I'm not sure where to look.
server a is the puppetmaster:
[main]
ca_server = puppetmaster.puppe
Hi,
I've been trying to set up a separate ca server for puppetmaster and
failing. I'm sure I've missed something but I'm not sure where to look.
server a is the puppetmaster:
[main]
ca_server = puppetmaster.puppet.local
[agent]
server = puppetmaster.puppet.local
[master]
ca=true