Hi

I've installed puppet and made autosigning work like a charm (EPEL
version 0.25-5 for EL4 and EL5)

What I would like to do now is to set up the environment in order to
achieve:

As the server can be reinstalled and a new CA created, clients should
either expire or accept any cert while using autosigning.


I've tested so far:

- puppetmaster machine can be reinstalled so a new CA will be created
by default
- If the server CA is recreated, clients stop connecting because of
certificate verification failure
- clients should be able to connect to that server, so I've tried
making CA and host certs expire faster with no luck
- I need to set up ca_ttl > 3 days because if not, the created pem will
have "not valid after" before the current date/time
- After creating the CA with expiration +25 years, and the host with 3 days,
if I change the host date, I can't get a new certificate from the server.

As workarounds I've considered packaging CA certificates with my
config distribution, so all servers, even when reinstalled, will share
the same CA, but I find it cleaner to just regenerate certificates on
a daily basis automatically.

How should I set this up?
