On 25 Oct 2011, at 11:46, Brice Figureau wrote: > Hi Tom, > > On Tue, 2011-10-25 at 11:20 +0200, Tom De Vylder wrote: >> Hi all, >> >> Is there a more elegant way to regenerate the Puppet master >> certificate than what's described in the CVE-2011-3872 toolkit? > > You're talking about generating a master cert or a master CA cert?
Both actually. >>> If you can maintain a secondary shell session to the puppet master >> server, you can start a WEBrick master with puppet master >> --no-daemonize --verbose and stop it with ctrl-C. >>> If you prefer to only maintain one shell session, you can start a >> WEBrick master with puppet master and stop it with kill $(cat $(puppet >> master --configprint pidfile)). >> Source: README.pdf inside the toolkit. >> >> I used to be able to do this by running 'puppetca'. But ever since >> puppetca isn't available anymore I can't seem to find any information >> on how to do it instead. > > Puppetca is now called "puppet cert". Correct me if I'm wrong but it can only generate client certs. >> Well other than what's described above that is. But that's not >> feasible in an automated fashion. I'd like to deploy a second puppet >> master. > > -- > Brice Figureau > Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
