Hi

On 21 June 2010 11:53, Pablo Iranzo Gómez <pablo.ira...@gmail.com> wrote:
> Hi
>
> I've installed puppet and made autosigning work like a charm (EPEL
> version 0.25-5 for EL4 and EL5)
>
> What I would like to do now is to set up the environment in order to
> achieve:
>
> As the server can be reinstalled and a new CA created, clients should
> either expire, or accept any cert while using autosigning.
>
>
> I've tested so far:
>
> - puppetmaster machine can be reinstalled so a new CA will be created
> by default
> - If the server CA is recreated, clients stop connecting because of
> certificate verification failure
> - clients should be able to connect to that server, so I've tried
> making CA and host certs expire faster with no luck
> - I need to set up ca_ttl > 3 days because if not, the created pem will
> have "not valid after" before current date/time
> - After creating CA with expiration +25 years, and host with 3 days,
> if I change host date, can't get a new certificate from server.
>
> As workarounds I've considered packaging CA certificates with my
> config distribution, so all servers, even when reinstalled, will share
> the same CA, but I find it cleaner to just regenerate certificates on
> a daily basis automatically.
>
> How should I set this up?

Will this get covered when the fix for #3360 gets out?

Thanks
Pablo