Howdy!
I might suggest starting here:
http://projects.puppetlabs.com/projects/1/wiki/certificates_and_security
It talks a little about setting up a seperate CA - this is pretty
commonly done for HA environments.
As far as pre-generating the client certs without Puppet, I'd have a
look at ssl/host.rb in the source tree to see how it does it. It has
all the logic puppet certificate --generate uses (It seems to call
generate_certificate_request), and then the logic --sign uses which
calls ca.sign. If you look through that code I'm sure you can figure
out the right options to pass openssl to do it.
Jason
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
