On Thu, Aug 25, 2011 at 8:02 AM, It Dept <i...@ukcrd.com> wrote: > Thanks for the suggestions, these have given us some possibilities to > look at. > > Just to be clear: Is there no built in way to force the puppet client > to NEVER retrieve certificates/CA without verifying the certificate > chain first? (without hacking through code) >
I may be reading your request incorrectly, but it almost sounds like you don't really want to have the Puppet CA at all, and just want to generate certificates manually and distribute them yourself. Would launching all your masters with --no-ca help here? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
