Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-30 Thread Alan Barrett
On Tue, 30 Nov 2010, Ohad Levy wrote:
> I think you are facing https://projects.puppetlabs.com/issues/3640#note-11
>
> which would hopefully
> be resolved in https://projects.puppetlabs.com/issues/3770.
>
> I must admit that I did not have time

Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Ohad Levy
Hi, I think you are facing https://projects.puppetlabs.com/issues/3640#note-11 which would hopefully be resolved in https://projects.puppetlabs.com/issues/3770. I must admit that I did not have time to continue troubleshooting this further...

Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Alan Barrett
On Mon, 29 Nov 2010, Eric Sorenson wrote:
> Have you perhaps revoked a certificate off one CA that matched the serial
> number issued by another? And perhaps the second CA issued that particular
> serial number to the puppet server itself?

No, neither CA has ever revoked a certificate. "opens

Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Eric Sorenson
Have you perhaps revoked a certificate off one CA that matched the serial number issued by another? And perhaps the second CA issued that particular serial number to the puppet server itself? No, I haven't done this myself, why do you ask? *whistles tunelessly* https://projects.puppetlabs.co

Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Alan Barrett
On Mon, 29 Nov 2010, Patrick wrote:
> > So, it seems that the puppetd client is doing something different from
> > the "openssl s_client" command used for testing. What certificate is
> > the puppetd client attempting to present, and how can I change that?
>
> Run this on the client for the confi

Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Patrick
On Nov 29, 2010, at 10:13 AM, Alan Barrett wrote:
> On Mon, 29 Nov 2010, Alan Barrett wrote:
>> It seems to me that I should be able to take the $ssldir/ca/ca_crt.pem
>> files from the two puppetmasters, concatenate them to create a
>> ca-bundle.pem file, and place the bundle in some suitable pla

Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Alan Barrett
On Mon, 29 Nov 2010, Alan Barrett wrote:
> It seems to me that I should be able to take the $ssldir/ca/ca_crt.pem
> files from the two puppetmasters, concatenate them to create a
> ca-bundle.pem file, and place the bundle in some suitable place where
> any client or server can use the bundle to ver

Re: [Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Alan Barrett
On Mon, 29 Nov 2010, Alan Barrett wrote:
> I am struggling with using multiple puppet CAs. I think I am missing
> information about which files are used for which purposes by different
> parts of puppetmasterd, puppetd, puppetca, and the apache/passenger
> frontend.

For example, which file on the

[Puppet Users] Combine multiple CA certificates into a bundle

2010-11-29 Thread Alan Barrett
I am struggling with using multiple puppet CAs. I think I am missing information about which files are used for which purposes by different parts of puppetmasterd, puppetd, puppetca, and the apache/passenger frontend. I have an old puppetmaster (and CA), which signed certificates for old clients.