On Mon, Mar 22, 2010 at 2:01 PM, Arnauld <a.micheli...@gmail.com> wrote:
> Hi,
>
> It may be obvious but I don't understand what the 'ca/ca_*.pem' and
> the 'certs/ca.pem' files stand for :(
> It sounds a bit 'redundant' to me....
> Someone has an explanation ?
>

Hi Arnauld,

Have you seen http://projects.reductivelabs.com/projects/puppet/wiki/Certificates_And_Security... it goes into a bit more detail than you would like, perhaps.

CA means "certificate authority". PEM is a certificate format.

In short (copying from Dan's notes):

1. ca/private/ca.pass - stores the password for the CA's private key.
2. ca/signed/ - directory where all signed certificates are stored, these are created by puppet --sign (or automatically if auto-signing is enabled)
3. ca/requests/ - this is where pending requests are stored, they are removed when puppetca --sign is run
4. ca/ca_key.pem - Private key for the CA (this is what it uses to sign things?)
5. ca/ca_crl.pem - this is the list of certificates that have been revoked.
6. ca/ca_crt.pem - this is the self-signed certificate for the CA.
7. ca/ca_pub.pem - public key
8. ca/inventory.txt - list of all keys that have been signed.
9. ca/serial - CA's counter that ensures a unique ID for each key.

Hope that helps!

--Michael
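Added example, not part of the original message and not Puppet's own code: a small audit of the ca/ layout listed above, checking that each file holds the kind of PEM block its name implies and that the two secrets (ca_key.pem, private/ca.pass) are not world-accessible. The expected PEM labels, the permission rule and the helper names are assumptions of this example; the sample tree is constructed and contains no real key material.

```python
import os, re, stat, tempfile

# Layout from the list above: relative path -> (expected PEM label suffix, holds a secret?)
# The PEM labels and the "not world-accessible" rule are assumptions of this example.
EXPECTED = {
    "ca_key.pem": ("PRIVATE KEY", True),
    "private/ca.pass": (None, True),       # plain passphrase file, not PEM
    "ca_crt.pem": ("CERTIFICATE", False),
    "ca_crl.pem": ("X509 CRL", False),
    "ca_pub.pem": ("PUBLIC KEY", False),
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def audit_ca_dir(ca_dir):
    """Return a list of (relative path, problem) tuples; empty means no findings."""
    findings = []
    for rel, (label, secret) in sorted(EXPECTED.items()):
        path = os.path.join(ca_dir, rel)
        if not os.path.isfile(path):
            findings.append((rel, "missing"))
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if secret and mode & 0o007:
            findings.append((rel, "secret is world-accessible (mode %04o)" % mode))
        with open(path, errors="replace") as fh:
            labels = PEM_BEGIN.findall(fh.read())
        if label and not any(l.endswith(label) for l in labels):
            findings.append((rel, "expected a '%s' block, found %s" % (label, labels or "none")))
        if not secret and any(l.endswith("PRIVATE KEY") for l in labels):
            findings.append((rel, "private key material in a public file"))
    return findings

def build_sample(root, key_mode=0o640):
    """Write a constructed ca/ tree under root; PEM bodies are placeholders."""
    os.makedirs(os.path.join(root, "private"))
    samples = [("ca_key.pem", "RSA PRIVATE KEY", key_mode),
               ("private/ca.pass", None, 0o640),
               ("ca_crt.pem", "CERTIFICATE", 0o644),
               ("ca_crl.pem", "X509 CRL", 0o644),
               ("ca_pub.pem", "PUBLIC KEY", 0o644)]
    for rel, label, mode in samples:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)
                     if label else "constructed-passphrase\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    root = tempfile.mkdtemp()
    build_sample(root, key_mode=0o644)     # deliberately too-open CA key
    print(audit_ca_dir(root))
```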