- Puppet 2.7 Cookbook
- John Arundel
- 166字
- 2021-04-02 18:19:57
Pre-signing certificates
Because of the security implications, it's best to avoid using autosign if you can help it. In general, if you want to automate adding a large number of clients, it's better to pre-generate the certificates on the Puppetmaster and then push them to the client as part of the build process. You can use puppet cert --generate <hostname> to do this.
How to do it...
- Generate a pre-signed certificate for
client1.example.comwith the following command:puppet cert --generate client1.example.comPuppet will now generate and sign a client certificate in the name of
client1.example.com. - Transfer the three required files; the private key, the client certificate, and the CA certificate, to the new client. These are found in the following locations:
/etc/puppet/ssl/private_keys/client1.example.com.pem/etc/puppet/ssl/certs/client1.example.com.pem/etc/puppet/ssl/certs/ca.pemTransfer these to the corresponding directories on the client, and it will then be authenticated without the certificate request step. Note that the location of Puppet's SSL certs varies according to the
ssldirsetting inpuppet.conf.
See also
Using autosign in this chapter
推薦閱讀
- PPT設計實用教程
- Solid Works 2021產品設計標準教程
- Talend Open Studio Cookbook
- 通達信炒股軟件從入門到精通(第2版)
- 零基礎學AutoCAD 2018(全視頻教學版)
- Premiere pro CC中文版自學視頻教程
- NetSuite OneWorld Implementation 2011 R2
- Oracle Warehouse Builder 11g R2: Getting Started 2011
- 中文版Illustrator 2020基礎教程
- Instant Flask Web Development
- Learning the Yahoo! User Interface library
- Instant Markdown
- Audition CC音頻處理完全自學一本通
- 中文版3ds Max 2014基礎培訓教程
- 這樣學Excel數據處理與分析更高效(視頻版)