You would have to sync serial number too? On Thu, Jun 14, 2012 at 12:10 PM, david.gar...@gmail.com < david.gar...@gmail.com> wrote:
> If puppet is to be enterprise than I would think we should be able to use > a CA generated for the organization? > > > On Thu, Jun 14, 2012 at 12:03 PM, david.gar...@gmail.com < > david.gar...@gmail.com> wrote: > >> Yeah, >> >> Good question: Sorry for the interjection. I would like to create a none >> puppet generated CA and intermediate CA for my puppet master. I tried but >> failed. Does anyone have a procedure or has anyone done this? >> >> Thanks, >> Dave Garvey >> >> >> On Thu, Jun 14, 2012 at 9:45 AM, Jeff McCune <j...@puppetlabs.com> wrote: >> >>> Is the same CA is being used to issue the lb certificate and issue the >>> agent certificate? >>> >>> Could you paste the output of `puppet cert print puppetlb.example.com` >>> and again for the agent you're seeing the error on? `puppet cert >>> print <agent_certname>` >>> >>> -Jeff >>> >>> On Thu, Jun 14, 2012 at 7:50 AM, kai <kaiva...@gmail.com> wrote: >>> > Puppet version 2.7.14 on Ubuntu. >>> > My puppet master config: >>> > >>> > [main] >>> > logdir=/var/log/puppet >>> > vardir=/var/lib/puppet >>> > ssldir=/var/lib/puppet/ssl >>> > rundir=/var/run/puppet >>> > factpath=$vardir/lib/facter >>> > templatedir=$confdir/templates >>> > >>> > [master] >>> > ssl_client_header = SSL_CLIENT_S_DN >>> > ssl_client_verify_header = SSL_CLIENT_VERIFY >>> > >>> > And the puppet agent config: >>> > >>> > [main] >>> > logdir=/var/log/puppet >>> > vardir=/var/lib/puppet >>> > ssldir=/var/lib/puppet/ssl >>> > rundir=/var/run/puppet >>> > factpath=$vardir/lib/facter >>> > templatedir=$confdir/templates >>> > >>> > [agent] >>> > server = puppetlb.example.com >>> > runinterval = 1800 >>> > splay = false >>> > configtimeout = 1200 >>> > noop = false >>> > autoflush = true >>> > report = false >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> > To post to this group, send email to puppet-users@googlegroups.com. >>> > To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> > For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> > >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >> >> >> -- >> David Garvey >> > > > > -- > David Garvey > -- David Garvey -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
