On Fri, Mar 9, 2012 at 6:15 PM, Jonathan Proulx <j...@jonproulx.com> wrote:
> I'm OK with flushing all my certs and starting over, but I have a
> couple of questions. How does the puppet CA populate the altName
> field? and can I make it do what I want for both the CA and the non-CA
> servers or do I just need to suck it up, go get cozy with the openssl
> docs and do the server certs by hand if I want them fancy like that?

Jon, what version of Puppet are you running?

I can't seem to find a doc on this that isn't release notes, so we should probably get a documentation bug in.

You can set 'dns_alt_names' either in your puppet.conf or on the command line when the node generates a CSR. Then you can use "allow-dns-alt-names" when signing the certificate on the CA to approve those alt names.

Alternatively, you can use "puppet certificate generate" on the CA and manually transmit the certificate/key to the node.

$ puppet help certificate sign

USAGE: puppet certificate sign [--terminus TERMINUS] [--extra HASH]
<--ca-location LOCATION> [--[no-]allow-dns-alt-names] <host>

Sign a certificate signing request for HOST.

RETURNS: A string that appears to be (but isn't) an x509 certificate.

OPTIONS:
  --mode MODE                    - The run mode to use (user, agent, or master).
  --render-as FORMAT             - The rendering format to use.
  --verbose                      - Whether to log verbosely.
  --debug                        - Whether to log debug information.
  --[no-]allow-dns-alt-names     - Whether or not to accept DNS alt names in
                                   the certificate request
  --ca-location LOCATION         - Which certificate authority to use (local or
                                   remote).
  --extra HASH                   - Extra arguments to pass to the indirection
                                   request
  --terminus TERMINUS            - The indirector terminus to use.

TERMINI: ca, file, rest

See 'puppet man certificate' or 'man puppet-certificate' for full help.
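
Added example, not part of the original message and not Puppet's own code: since signing with allow-dns-alt-names approves the alt names the request carries, this sketch lists the DNS names in a CSR and reports any that are not on an operator-supplied allowlist. The openssl CLI, the function names and the host names are assumptions; the sample CSR is constructed.

```shell
#!/bin/sh
# Added example (not Puppet code): review the DNS alt names a CSR requests
# before approving them on the CA. Assumes the openssl CLI is installed.

# csr_alt_names CSR: print each DNS subjectAltName in the request, one per line.
csr_alt_names() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | sort -u
}

# unapproved_alt_names CSR ALLOWED...: print requested names missing from the
# allowlist. Matching is exact, so a wildcard name is only accepted if listed.
unapproved_alt_names() {
    csr=$1; shift
    csr_alt_names "$csr" | while IFS= read -r name; do
        ok=no
        for allowed in "$@"; do
            if [ "$name" = "$allowed" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || printf '%s\n' "$name"
    done
}

# make_sample_csr DIR CN SAN: build a constructed CSR for trying the check
# (throwaway key; -addext needs OpenSSL 1.1.1 or later).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -subj "/CN=$2" -addext "subjectAltName=$3" -out "$1/csr.pem" 2>/dev/null
}

# Run directly as: check.sh CSR ALLOWED_NAME...
if [ "$#" -ge 1 ]; then
    # Fail closed: an unparsable request must not pass as "no alt names".
    openssl req -in "$1" -noout 2>/dev/null || { echo "cannot parse CSR" >&2; exit 2; }
    bad=$(unapproved_alt_names "$@")
    if [ -n "$bad" ]; then
        printf 'do not sign, unapproved alt names:\n%s\n' "$bad"
        exit 1
    fi
    echo "alt names OK"
fi
```

A request that passes the check can then be signed with the allow-dns-alt-names option shown in the help output above.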