On Mon, Feb 1, 2010 at 8:53 PM, Scott Smith <sc...@ohlol.net> wrote: > On 2/1/10 8:10 PM, nicholas wrote: >> >> Trying to manage my certs sanely, upgrading from 0.24.8 -> 0.25.3 >> >> I setup one host as the CA and have all my clients point to that. >> Then I have several puppetmaster's running on other hosts. >> >> Problem is, puppetmasterd seems to be hardcoded to be a cert authority >> Even if I set the 'ca' flag to false. >> It keeps trying to create the ca.pem file and use that, even though I >> have one and it should use that instead.
How are you running puppet? Are you using Passenger? I found ca = false didn't work in the .conf file with Passenger, and I instead had to add --no-ca to the args. >> >> Is there a reason that the puppetmasterd has to be a CA? >> How can I get puppetmasterd to use the ca.pem file I provide for it? >> > > Are you putting the PEM in the right place? This is what my Puppetmasterd > ssl dir looks like: > > -bash-3.2$ find . > . > ./certs > ./certs/ca.pem > ./certs/puppet.domain.com.pem > ./crl.pem > ./private_keys > ./private_keys/puppet.domain.com.pem > ./public_keys > ./public_keys/puppet.domain.com.pem > ./certificate_requests > ./private > ./ca > ./ca/private > ./ca/requests > ./ca/signed > > -scott > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
