On Tuesday, 17 July 2012 16:14:05 UTC+1, Matt wrote: > > Is there no one who has done this that can provide examples of how they > did it?
I would if I could. Company policy and all that. Generated the SSL certificate with the single F5 DNS address that all the clients globally will hit puppet.<domain> using puppet cert generate... Put these on the F5 and have SSL terminate there and pass on anything /certificate/ to the pool of CA servers so they can be revoked/stored and what not - although we never will. The same certs are installed on these. Anything without the /certificate/ regex will be passed from the F5 down to the puppet master pool which will contact a central ENC and do whatever it needs to do. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cAYOzqHDhNAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.