Check out this WIP doc where I describe how to get intermediate certs
working. It *is* possible but there are a couple of caveats described in
the doc.
If anyone's motivated to try this out and let me know how it works for you
I'd be hugely appreciative. I got it to "works for me" level of
@Dan White: that link was pretty much what I was looking for. I take it
then you have openssl sign certs for each master (grand and remote) and
configure Puppet to use those certs.
The tricky part is going to be installing the new certs in production.
Sorta like changing a tire when the car is
Could the regional masters be set up as intermediate certificate authorities?
I found a link that describes the basics.
https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html
Dan White | d_e_wh...@icloud.com
<puppet-users@googlegroups.com>
Sent: Wednesday, 8 June, 2016 15:40:19
Subject: [Puppet Users] Multiple CA setup.
In the puppet setup that I have where I work it has been increasingly more
desirable if not required to have each of our data centers be able to
operate standalone. Because of this I've been Googling around looking for a
methodology to allow multiple certificate authorities in puppet. Currently
we