Hi, I'd like to ask for advice on certificate trust in a scenario with multiple puppet masters.
I'm in a position where I have roughly 50 environments, each with their own puppetmaster, running their own CAs. I also have another environment from where I provide some centralised services, such as an MCollective broker, a central Logstash/Elasticsearch instance, etc., and that's got its own puppetmaster as well. I have installed PuppetDB in this environment, and its cert is signed by this central puppetmaster's CA. Now I'm in a position where my environments don't trust the PuppetDB's cert because they have no knowledge of the CA that signed it. Is there a way to make them communicate? I reckon making the individual puppetmasters trust the central CA would do it, but how would I go around to do that? Thanks, Cassiano Leal -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9F2FD551-D61D-423D-A3C4-2B19095DF2EA%40gamesys.co.uk. For more options, visit https://groups.google.com/d/optout.
