Well, the gist of the question is in the title. Basically we want to use our exiting browser SSL CA infrastructure for the puppetdb box. We have many puppetmasters which each have their own CAs and our intent is to have a single puppetdb box that all of these talk to. Currently we are getting "SSL_connect returned1 .... certificate verify failed" errors. I would like to simply add the CA to some sort of "trust store" for the puppetmasters so that we can talk to a puppetdb that is signed by a CA that differs from the CA puppetmaster is using to sign node certs.
Hope this makes sense! I see a few different ca.pem files, but am unsure if I can just start concatenating stuff onto these and whether that will break puppetmaster's signing, etc. Thanks in advance! Hans -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3cf3ad75-4020-4e50-b7d2-2a5a7cf12459%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
