Hi, good thinking, but the CA certificate is not used when accepting SSL connections (or it shouldn't be, as far as I'm concerned).
You can determine the certificate that is presented using openssl s_client -connect puppetserver.ops.ss:8445 (assuming that is your masterport). You may need to share the server cert among your masters, not only the CA cert. HTH, Felix On 01/27/2014 06:59 PM, Vassiliy Vins wrote: > #openss x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem on > secondary puppetmaster > gives CN=Puppet CA:puppetserver.ops.ss -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52F4AA08.8010503%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.