Hi, attached is a patch that I use to prevent puppet from overwriting the CA certificate if it is already present on the local host.
Regards, Ansgar
Subject: Do not overwrite CA certificate From: Ansgar Burchardt <ans...@mathi.uni-heidelberg.de> Bug-Debian: http://bugs.debian.org/525850 --- puppet.orig/lib/puppet/network/client/ca.rb +++ puppet/lib/puppet/network/client/ca.rb @@ -48,7 +48,9 @@ # Only write the cert out if it passes validating. Puppet.settings.write(:hostcert) do |f| f.print cert end - Puppet.settings.write(:localcacert) do |f| f.print cacert end + unless FileTest.exist?(Puppet[:localcacert]) + Puppet.settings.write(:localcacert) do |f| f.print cacert end + end @cert end