On Tue, Feb 1, 2011 at 11:51 PM, KC Braunschweig
<[email protected]> wrote:

> On Fri, Jan 28, 2011 at 11:02 AM, Daniel Pittman <[email protected]>
> wrote:
> > On Fri, Jan 28, 2011 at 06:47, Jed <[email protected]> wrote:
> >> is this possible?
> >
> > Probably not usefully to you, no. You might better aim to integrate a
> > stage into your host build process that will generate the certificate
> > on the server and allow it to download.
>
> Just to clarify as I've been having this discussion recently, the
> problem is the wildcard certs. If you wanted to generate individual
> certs for each client system during your provisioning process and drop
> it in for puppet to use rather than using puppet as a CA, that should
> work, right?
>

Absolutely. If you already have a PKI and a method of distributing
certificates/signing CSRs, you can use that and run your puppet masters with
--no-ca




>
> Also, while it doesn't address the wildcard issue, you might be
> interested in the link below. It is designed to explain a strategy for
> using multiple CAs but seems like you could also use this approach to
> integrate with an existing PKI.
>
>
> http://projects.puppetlabs.com/projects/puppet/wiki/Multiple_Certificate_Authorities
>
> KC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
