This is exactly the use case, I require in my scenario. I must have several Puppet CAs, each acting as intermediate CA that has an individual CA certificate signed by a single root CA. Each intermediate CA signes the certificates of some puppet agents. I have created a small picture to show you how the scenario should look like.The root puppetmaster acts as a bootstrapping node that should set up different nodes as puppetmaster when someone assignes the puppetmaster role to this new node.
<https://lh3.googleusercontent.com/-1hk53wsrMOg/V2zCv9VOU5I/AAAAAAAAAAo/1W0hjDgCgxEnm1DkzO55BqWK0Ttlp6OJQCLcB/s1600/Puppet-CAs.png> Has anybody an idea, if this scenario can be realized with the help of Puppet? The most interesting question is how Puppet behaves when you assign "ca = true" to an agent node and assign "ca_server = <Puppetmaster Root CA>". -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c4e2777c-b21b-4923-b12c-27eaec0377ea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
