On Fri, Nov 13, 2009 at 6:40 AM, Hubert Krause <[email protected]> wrote:
>
> Hello List,
>
> I have a problem with the CA on my Puppetmaster. This Puppetmaster is
> connected to different networks with different subdomain names. The Puppet
> clients connect via different interfaces. There is no routing between
> subnets. Only one subnet can connect successfully. This is because the
> subject in the certificate is the name of this subnet. All other clients get:
>
> Could not retrieve catalog: Certificates were not trusted: hostname not match
> with the server certificate
>
> If I use just the hostname, no client can connect successfully. It seems
> that there is always the need for a single FQDN.
>
> The puppetmaster is served via Passenger and Apache2.
>
> Is there a way to use the nice puppetca tool in this scenario or do I
> have to provide as many CAs as I have subnets and do cert signing by hand? Or
> is there another solution?

You are looking for the puppetmasterd config option certdnsnames. You will have to re-generate your certificates to get this working:

1) Stop puppetmasterd
2) rm -rf /var/lib/puppet/ssl
3) In your puppet.conf file, under the [puppetmasterd] section, add
   certdnsnames = "colon:separated:list:of:dns:names"
4) Start puppetmasterd

Then you'll have to clear the ssl dirs on all the clients as well.

--Paul
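
Added example (not part of the original thread, and not Puppet's own code): the hostname check a Ruby TLS client runs against a server certificate, applied to a CN-only certificate and to one carrying a subjectAltName list built from a certdnsnames-style value. All host names are constructed placeholders, and the helper names are hypothetical.

```ruby
require "openssl"

# Constructed sample names (assumptions, not taken from the thread).
MASTER_CN    = "puppet.net-a.example.com"
CERTDNSNAMES = "puppet:puppet.net-a.example.com:puppet.net-b.example.com"
CLIENT_VIEWS = ["puppet.net-a.example.com", "puppet.net-b.example.com", "puppet"]
KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key for the demo certificates

# Build a self-signed server certificate. dns_names is a colon-separated
# list in the same shape as the certdnsnames value (hypothetical helper).
def build_cert(common_name, dns_names = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  if dns_names
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = dns_names.split(":").map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# The identity check a client applies to the name it used to reach the server.
def accepted?(cert, server_name)
  OpenSSL::SSL.verify_certificate_identity(cert, server_name)
end

# Map each name a client might use to whether the certificate covers it.
def report(cert, names)
  names.map { |n| [n, accepted?(cert, n)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  puts "CN only:  #{report(build_cert(MASTER_CN), CLIENT_VIEWS)}"
  puts "with SAN: #{report(build_cert(MASTER_CN, CERTDNSNAMES), CLIENT_VIEWS)}"
end
```

In Ruby's check, once a certificate carries DNS subjectAltName entries the CN is no longer consulted, so the list has to contain every name clients use, including the one already in the subject.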
