On Wed, Sep 29, 2010 at 8:42 AM, Patrick <[email protected]> wrote:
>> Is Apache configured for mandatory ssl? The directive is:
>> SSLVerifyClient require
>
> Just to clarify, mandatory SSL is bad when using puppet.

No, it's not bad. The configuration depends on how you sign and distribute the puppet agent's certificate. If you have a process to generate and distribute the certs during system provisioning, it's perfectly fine to require validation of client cert. I actually prefer this method and it's not difficult to implement.

However if you expect the client to submit a CSR to be signed either manually via puppet cert --sign or autosigned based on some rules in autosign.conf then this should be configured optional.

Thanks,

Nan
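
The two modes discussed in this thread, side by side in one Apache virtual host. This is an added example, not configuration posted by anyone in the thread; the port, host name, file paths and forwarded header names are assumptions and must match what the puppet master is actually set up to use.

```apache
# Added example. Requires mod_ssl and mod_headers.
# Port, host name, paths and header names below are placeholders/assumptions.
Listen 8140
<VirtualHost *:8140>
    SSLEngine on
    SSLCertificateFile    /path/to/ssl/certs/puppetmaster.example.com.pem
    SSLCertificateKeyFile /path/to/ssl/private_keys/puppetmaster.example.com.pem
    # CA that signs agent certificates; client certs are validated against it.
    SSLCACertificateFile  /path/to/ssl/ca/ca_crt.pem
    SSLVerifyDepth 1

    # Option A: certs are generated and distributed during provisioning.
    # The TLS handshake fails unless the agent presents a cert signed by the
    # CA above, so an agent that has no cert yet cannot connect to submit a CSR.
    # SSLVerifyClient require

    # Option B: agents submit a CSR that is signed with "puppet cert --sign"
    # or autosigned from autosign.conf. An agent with no cert can connect,
    # and an agent that does present a cert still has it validated.
    SSLVerifyClient optional

    # With "optional", requests from unverified clients reach the application,
    # so the verification result has to be handed to it. "set" replaces any
    # header of the same name sent by the client, so the value the master
    # sees always comes from mod_ssl and not from the request.
    SSLOptions +StdEnvVars
    RequestHeader set X-Client-DN     %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
</VirtualHost>
```

Enable only one SSLVerifyClient line. Under Option B the master's own authorization rules decide what an unverified client may do, so they should limit it to the certificate request endpoints.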
