Many thanks for the re-signing of the CA idea. I can report that it worked for me, although I had to run the webrick version of puppetmaster to regenerate the puppet master's certificate.
Since I have a full mcollective deployment as well, I was able to use the following steps to automate the cert regen on my clients: puppet cert clean <host> mco puppet resource exec "/bin/rm -rf /var/lib/puppet/ssl/*" -W fqdn=<host> mco puppet runonce -W fqdn=<host> puppet cert sign <host> I think I'll run a nightly cron job off my puppet server to search for certificate files that are within 14 days of expiring, and auto-regen them using this method. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/69509286-2f96-49cd-8b5c-2d5dc9f285da%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
