Issue #4175 has been updated by James Turnbull. Category set to SSL Status changed from Unreviewed to Needs design decision Assigned to set to Luke Kanies
Seems reasonable to me. Luke? ---------------------------------------- Feature #4175: Option to send the puppetmaster certification in addition to the client cert upon registration http://projects.puppetlabs.com/issues/4175 Author: Mathias Gug Status: Needs design decision Priority: Normal Assigned to: Luke Kanies Category: SSL Target version: Affected version: 0.25.5 Keywords: Branch: In the use case where there are multiple puppetmaster being loadbalanced a puppet client could get its own certificate issued by puppetmasterA while connecting to puppetmasterB afterwards. All puppetmaster certificates are issued by a trusted rootCA. Using CA chaining puppetmasterB (which trusts the rootCA cert) needs the full CA chain available in order to validate the puppet client (client cert -> puppetmasterA cert -> rootCA cert). It would be helpful to be able to configure a puppetmaster to send its own certificate in addition to the client cert upon a registration (appending its own cert to the client cert in pem format?). -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
