> 0x0000 is typically the CA cert, was the inventory.txt file blank when
> this occurred? If you have all the certificates, you can use puppet
> cert -pa and extract the serial number, date, and CN info. I'm not
> sure if there's an automated way using openssl commands. This might be
> reasonably close (output should be sorted by serial number):

Here's the problem as I understand it. We have several puppetmaster servers, due to the large number of clients and networks that need to be supported. We synchronize SSL certs between load-balanced hosts using rsync. Somehow or other we occasionally end up getting a host in the inventory.txt file with a 0x0000 serial number. Unfortunately this seems to reset the counter, and new hosts will end up with duplicate serials to other hosts previously listed in the file.

How do you all handle load balancing and certificate management? Is there a way to have a master authority cert server that all the other nodes turn to for all things SSL?
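
Added example, not part of the original thread: a small audit that scans an inventory.txt for the two symptoms described above, a serial counter that goes backwards and one serial issued to more than one subject. It assumes each entry line has the layout `SERIAL NOT_BEFORE NOT_AFTER SUBJECT` with `#` comment lines; the host names and dates in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (hypothetical hosts and dates), not taken from the thread.
# Assumed line layout: SERIAL NOT_BEFORE NOT_AFTER SUBJECT, '#' starts a comment.
SAMPLE_INVENTORY = """\
# SERIAL NOT_BEFORE NOT_AFTER SUBJECT
0x0001 2010-03-01T10:00:00GMT 2015-02-28T10:00:00GMT /CN=Puppet CA: master1.example.com
0x0002 2010-03-01T10:05:00GMT 2015-02-28T10:05:00GMT /CN=web01.example.com
0x0003 2010-03-02T09:00:00GMT 2015-03-01T09:00:00GMT /CN=web02.example.com
0x0000 2010-04-10T12:00:00GMT 2015-04-09T12:00:00GMT /CN=db01.example.com
0x0001 2010-04-11T08:30:00GMT 2015-04-10T08:30:00GMT /CN=db02.example.com
0x0002 2010-04-12T14:45:00GMT 2015-04-11T14:45:00GMT /CN=db03.example.com
"""

LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)\s+(\S+)\s+(.+)$")

def parse_inventory(text):
    """Return [(line_number, serial_as_int, subject)] for each entry line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: unrecognised entry: {line!r}")
        entries.append((lineno, int(match.group(1), 16), match.group(4)))
    return entries

def audit(entries):
    """Return (duplicates, resets) found in file order."""
    subjects_by_serial = defaultdict(list)
    resets, previous = [], None
    for lineno, serial, subject in entries:
        subjects_by_serial[serial].append(subject)
        # A serial that fails to increase means the counter was reset or rewound.
        if previous is not None and serial <= previous:
            resets.append((lineno, serial, subject))
        previous = serial
    # One serial shared by different subjects: a CRL entry for it matches them all.
    duplicates = {s: n for s, n in subjects_by_serial.items() if len(set(n)) > 1}
    return duplicates, resets

if __name__ == "__main__":
    duplicates, resets = audit(parse_inventory(SAMPLE_INVENTORY))
    for lineno, serial, subject in resets:
        print(f"line {lineno}: serial went back to 0x{serial:04x} ({subject})")
    for serial, names in sorted(duplicates.items()):
        print(f"serial 0x{serial:04x} issued to: {', '.join(names)}")
```

Running it against each master's copy of the file before and after an rsync pass shows which host introduced the rewound counter.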