On Sun, Aug 21, 2011 at 8:31 AM, Nicolai <[email protected]> wrote:
> To make sure you have a clean client and master knows nothing about it, > (ssl-wise) do the following: > > on master: > puppetca --clean client.example.com > > on client: > rm -r /var/lib/puppet/ssl > puppetd --test > The puppetca and puppetd tools are deprecated, no? Also, my client machines do not have the puppet master program installed. I also do not believe it reasonable for me, the end user of puppet, to be forced to be so hands-on with puppet's ssl certificates. I am led to understand that some individuals run their own CA but, in my case, I let puppet generate everything and the puppet tooling _should_ be clever enough to manage its certificates but, given the volume of ssl questions and errors on this mailing list, is not. > back to master: > puppetca --list (to check for the signing request from client) > puppetca --sign client.example.com > > on client: > puppetd --test > > and you shouldnt have any issues with ssl-connection. (if time/dns etc is > correct). > > > Nicolai Mollerup > Thank you very much; very helpful. > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/Ssoxy6kT-f0J. > > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Brian L. Troutwine -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
