All of the certs in both Puppet and Pulp are simply X.509 key pairs. You absolutely *can* use the same certs for both; the question is whether or not you want your subsystems on the same trust chain across your systems.

I personally like the separation of my Puppet key infrastructure from all others since it's effectively the keys to the kingdom on all of your nodes. I don't like the idea of a less trusted service (Pulp) being able to access my Puppet keys.

That said, environments are different and you certainly can use the same keys for everything.

Trevor

On Wed, Sep 10, 2014 at 1:33 PM, James <[email protected]> wrote:
> On Wed, Sep 10, 2014 at 1:21 PM, Cristian Falcas
> <[email protected]> wrote:
> > Hello,
> >
> > Can we use pulp with the certificates generated by puppet?
> >
> > What should be done for this? Can we replace the pulp signing of
> > certificates with what puppet does? Or do we need to use the same master ca
> > files from puppet for pulp also?
> >
> > Best regards,
> > Cristian Falcas
> >
>
> What would be really nice is if all the cert management puppet does
> was replaced by FreeIPA...
>
> IIRC, this has been demonstrated, and documented, but it's not common
> practice yet.
>
> _______________________________________________
> Pulp-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pulp-list
>

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
[email protected]

-- This account not approved for unencrypted proprietary information --
