Hello,

I'm trying to have Puppet working without handling any part of a PKI.
On one side I've got a Puppet installation working, on the other side
a PKI (dogtag).

I try to tell puppetmasterd to use my CA.crt and an already
functioning cert, but at launch time it still generates its own
certificate request. So I tried to sign its request, but it still
ignores the certificate.


Here's an excerpt from the puppet.conf:

[puppetmasterd]
    ca = false
    hostcert =    /tmp/cert/server/puppet.crt
    cacert =      /tmp/cert/server/ca.crt
    hostpubkey =  /tmp/cert/server/puppet.pub.key
    hostprivkey = /tmp/cert/server/puppet.key

# here's the log when I launch
# puppetmasterd --no-daemonize
Could not run: Could not retrieve certificate for ipa2.gamma.agorabox.org and not running on a valid certificate authority

# Just to be sure I've verified "hostcert" against the ca.
# openssl verify -CAfile ca.crt puppet.crt
puppet.crt: OK

# Here is the information contained in the "hostcert"
        Subject: DC=org, DC=agorabox, OU=gamma, CN=ipa2.gamma.agorabox.org
....
        X509v3 extensions:
....
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
....

Thanks

Piir
