Hello, I'm trying to have puppet working without handling any part of a PKI. On one side I've got a puppet installation working, on the other side a PKI (dogtag).
I tried to tell puppetmasterd to use my CA.crt and an already functioning cert, but at launch time it still generates its own certificate request. So I tried to sign its request, but it still ignores the certificate.

Here's an excerpt from the puppet.conf:

[puppetmasterd]
ca = false
hostcert = /tmp/cert/server/puppet.crt
cacert = /tmp/cert/server/ca.crt
hostpubkey = /tmp/cert/server/puppet.pub.key
hostprivkey = /tmp/cert/server/puppet.key

# Here's the log when I launch
# puppetmasterd --no-daemonize
Could not run: Could not retrieve certificate for ipa2.gamma.agorabox.org and not running on a valid certificate authority

# Just to be sure, I've verified "hostcert" against the CA.
# openssl verify -CAfile ca.crt puppet.crt
puppet.crt: OK

# Here is the information contained in the "hostcert"
Subject: DC=org, DC=agorabox, OU=gamma, CN=ipa2.gamma.agorabox.org
....
X509v3 extensions:
    ....
    X509v3 Key Usage: critical
        Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
    X509v3 Extended Key Usage:
        TLS Web Server Authentication
    ....

Thanks
Piir