On Jul 1, 2010, at 4:47 PM, R.I.Pienaar wrote:
----- "Luke Kanies" <[email protected]> wrote:
On Jul 1, 2010, at 14:14, Bryan Kearney <[email protected]> wrote:

Next questions.. again. My goal is to have puppet work with an
external set of X.509 credentials.

(1) When puppetmasterd starts up, it creates a CSR for $certname.
What is this certificate used for? I would assume that the CA's cert
and keys would be used in all SSL communication. Is that not correct?

Nope - the CA cert is only ever used for signing certs and CRLs. Each
host has a separate cert for actual communication.

I can't verify atm, but I think CA cert can't even be used for
communication.

It verifies that the clients are signed by the CA using the CA cert,
doesn't it? Or does it just check the master cert and the client cert
is from the same CA?

That's true - the CA cert is passed around to all of the clients and
is used to validate the cert on each end of the connection.
--
Talent hits a target no one else can hit; Genius hits a target no one
else can see. -- Arthur Schopenhauer
---------------------------------------------------------------------
Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199
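
The arrangement discussed in this thread, as an added example that is not part of the original messages and is not Puppet's own code: a CA key that only signs, a separate cert per host, and each end checking its peer's cert against its copy of the CA cert. The host names, file names and the helpers make_pki and peer_is_trusted are made up for the demo; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo PKI; every name and file here is a throwaway placeholder.

make_pki() {
    out=$1
    # CA key + self-signed CA cert: used only to sign other certs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$out/ca.key" -out "$out/ca.pem" 2>/dev/null || return 1
    # Each host makes its own key and CSR; the CA signs the CSR.
    # The host then uses its own key and cert for the actual connection.
    for host in master.example.test agent.example.test; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout "$out/$host.key" -out "$out/$host.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$out/$host.csr" -days 1 \
            -CA "$out/ca.pem" -CAkey "$out/ca.key" -CAcreateserial \
            -out "$out/$host.pem" 2>/dev/null || return 1
    done
    # A self-signed cert that the demo CA never signed.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue.example.test" \
        -keyout "$out/rogue.key" -out "$out/rogue.pem" 2>/dev/null || return 1
}

# What each end does with its copy of the CA cert: check that the peer's
# cert chains to it. Only ca.pem is needed here, never ca.key.
# usage: peer_is_trusted <ca cert> <peer cert>
peer_is_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Stand-alone run: build the PKI in a temp dir and report each check.
dir=$(mktemp -d) || exit 1
make_pki "$dir" || exit 1
for c in master.example.test agent.example.test rogue; do
    if peer_is_trusted "$dir/ca.pem" "$dir/$c.pem"; then
        echo "$c: accepted"
    else
        echo "$c: rejected"
    fi
done
rm -rf "$dir"
```

Only ca.pem has to be copied to the hosts; ca.key stays with whatever does the signing, which is the part an external X.509 setup would take over.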