Hi, On 07/19/2012 05:07 PM, Laurence Lenberg wrote: > I'm looking for a solution which manages generation and installation of > client certificates. This is required we have a lot of re-installations, > so we want to reuse already in place certificates. For security it is > sufficient that the host to be part of our-domain.com > > The solution that comes closest to this requirement is this > http://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CFcQFjAA&url=http%3A%2F%2Fpuppet-manifest-share.googlecode.com%2Ffiles%2Fpuppet_certificate.pdf&ei=th4IUK__FMTZtAaxqdSYAw&usg=AFQjCNFinQKIAjCpcpltaq1ST01rjYb3xA > <http://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CFcQFjAA&url=http%3A%2F%2Fpuppet-manifest-share.googlecode.com%2Ffiles%2Fpuppet_certificate.pdf&ei=th4IUK__FMTZtAaxqdSYAw&usg=AFQjCNFinQKIAjCpcpltaq1ST01rjYb3xA> > by http://code.google.com/u/huangmingyou/ > but I haven't heard of anyone using it. Has anyone tried this out yet or > has a similar setup or solution? Are the scripts gen_cert_tgz.sh and > gen_agent_cert.sh described in the document available for download > somewhere else?
Does not compute. A quick glance at the linked document suggests it's a description of the normal way puppet certificates are handled. Please point out what you perceive as a possible solution to your problem. Reusing certificates is no problem, provided you set up an infrastrucutre that - stores certificates - includes those certificates to your machines during provisioning I.e., during re-installation of the OS, the signed cert is transferred to the machine somehow. If you manage to do that in a secure manner, you should be all set. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
