We've had the occasional fat finger in the client certs directory and all certs being deleted. Everything carried on as usual...
John On 13 March 2013 20:36, Felix Frank <[email protected]> wrote: > Hi, > > I concur that cryptographically, there is absolutely no sense in keeping > the signed certificates around. > > That being said, I'm not entirely sure that the puppet master will work > after removing them, but I expect it will. > > Just give it a shot. You can always move them back in :-) > > Cheers, > Felix > > On 03/08/2013 05:36 PM, Mason Turner wrote: > > This may be a crazy question, but do we have to keep the generated > client certs on the puppetca? What would be the harm in deleting them? > > > > I ask because we have our puppetca geographically redundant, and we keep > the certs synced with our old friend rsync. > > > > If we didn't even try to store the certs, we wouldn't have to keep them > in sync. We could run the CAs active-active. I'm pretty sure puppet-agent > and server will continue to work just fine, right? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- John Warburton Ph: 0417 299 600 Email: [email protected] -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
