Hi,
Due to our Network policy it is not possible for a minion to open a connection
to an overlord (bidirectional connections not allowed by the firewall); this
means that it is not possible for the minion to contact the certmaster to sign
its certificate. In order to circumvent this problem is it possible to
pregenerate a signed certificate for the minion? What are the other options or
possibilities I have to solve this problem? I am certainly not the only one
having to fight with unidirectional firewall rules. It could be nice feature to
tell the certmaster to get a CSR from a given hostname (minion) and sign it; as
the connection would be issued by the certmaster to the minion, the connection
would be allowed in our Network and we would be able to sign the CSR.
Thanks a lot for your help and tips.
B
_______________________________________________
Func-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/func-list
