On Mon, Mar 22, 2010 at 11:39 AM, Michael DeHaan <[email protected]> wrote:

> On Mon, Mar 22, 2010 at 2:01 PM, Arnauld <[email protected]> wrote:
>
>> Hi,
>>
>> It may be obvious but I don't understand what the 'ca/ca_*.pem' and
>> the 'certs/ca.pem' files stand for :(
>> It sounds a bit 'redundant' to me....
>> Someone has an explanation ?
>
> Hi Arnauld,
>
> Have you seen
> http://projects.reductivelabs.com/projects/puppet/wiki/Certificates_And_Security...
> it goes into a bit more detail than you would like, perhaps.
>
> CA means "certificate authority". PEM is a certificate format.
>
> In short (copying from Dan's notes):
>
> 1. ca/private/ca.pass - stores the password for the CA's private key.
> 2. ca/signed/ - directory where all signed certificates are stored,
>    these are created by puppet --sign (or automatically if auto-signing is
>    enabled)
> 3. ca/requests/ - this is where pending requests are stored, they are
>    removed when puppetca --sign is run
> 4. ca/ca_key.pem - Private key for the CA (this is what it uses to sign
>    things?)
> 5. ca/ca_crl.pem - this is the list of certificates that have been
>    revoked.
> 6. ca/ca_crt.pem - this is the self signed certificate for the CA.
> 7. ca/ca_pub.pem - public key
> 8. ca/inventory.txt - list of all keys that have been signed.
> 9. ca/serial - CA's counter that ensures a unique ID for each key.

This list is missing the cert that you asked about :)

cert/ca.pem - this is the CA's cert that is used to establish trust. As in, I trust people that have been signed by this certificate. This file exists on both the client and server.

> Hope that helps!
>
> --Michael
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<puppet-users%[email protected]>.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
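As an added example (not part of the original thread and not Puppet's own code), the following Python sketch audits a CA host's ssl directory laid out as in the list above: it flags group/other access on `ca/ca_key.pem` and `ca/private/ca.pass`, and checks that the trust copy `certs/ca.pem` decodes to the same certificate as `ca/ca_crt.pem`. The function names, the permission policy, and the expectation that the two CA certificate files match on the CA host are assumptions of this example; the sample tree is constructed.

```python
import base64
import os
import ssl
import stat

# Assumption of this example: these two files from the list are secrets.
SECRET = ("ca/ca_key.pem", "ca/private/ca.pass")
# The two CA certificate files the question calls redundant.
CA_CERT, TRUST_COPY = "ca/ca_crt.pem", "certs/ca.pem"


def _der(path):
    """Decode a PEM certificate to DER so line wrapping does not affect comparison."""
    with open(path) as fh:
        return ssl.PEM_cert_to_DER_cert(fh.read())


def audit_ssldir(ssldir):
    """Hypothetical helper: return findings for a CA ssldir (empty list = clean)."""
    findings = []
    for rel in SECRET:
        path = os.path.join(ssldir, rel)
        if not os.path.exists(path):
            findings.append(f"missing: {rel}")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"group/other access on secret: {rel}")
    try:
        if _der(os.path.join(ssldir, CA_CERT)) != _der(os.path.join(ssldir, TRUST_COPY)):
            findings.append(f"{TRUST_COPY} does not match {CA_CERT}")
    except (OSError, ValueError) as exc:
        findings.append(f"cannot compare CA certificates: {exc}")
    return findings


def build_sample(root, secret_mode=0o600, same_cert=True):
    """Constructed sample tree; PEM bodies are placeholder bytes, not real certs."""
    def pem(raw):
        body = base64.b64encode(raw).decode()
        return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    files = {
        SECRET[0]: "constructed placeholder key\n",
        SECRET[1]: "constructed placeholder password\n",
        CA_CERT: pem(b"constructed CA certificate"),
        TRUST_COPY: pem(b"constructed CA certificate" if same_cert else b"other CA"),
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, secret_mode if rel in SECRET else 0o644)
    return root
```

On a real host, call `audit_ssldir()` with the path to the CA's ssl directory; a mismatch finding means clients holding that `certs/ca.pem` would be trusting a different CA than the one doing the signing.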
