Could the regional masters be set up as intermediate certificate authorities ? I found a link that describes the basics. https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html Dan White | d_e_wh...@icloud.com ------------------------------------------------ “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” (Bill Waterson: Calvin & Hobbes)
On Jun 08, 2016, at 10:40 AM, Peter Berghold <salty.cowd...@gmail.com> wrote: In the puppet setup that I have where I work it has been increasingly more desirable if not required to have each of our data centers be able to operate standalone. Because of this I've been Googling around looking for a methodology to allow multiple certificate authorities in puppet. Currently we have our grand master puppet server in one Data Center and we have several Puppet Masters in other data centers in geographically diverse areas. When a new client is added with our current setup that new client has to reach out and get it certificate signed by The Grandmaster. This is getting us through setting up puppet currently but long-term this is undesirable. Can anybody point me to a methodology for setting up multiple certificate authorities that actually works? Looks like the pages on the topic I have read so far are outdated. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAArvnv2OQP5QcG9TTy_EVTursMkUdW2MhB7%3D_ZPiH7XnQ1mWrQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f5735e75-81af-4ab4-820d-3aec36d3157b%40me.com. For more options, visit https://groups.google.com/d/optout.
