- Puppet 2.7 Cookbook
- John Arundel
- 2021-04-02 18:19:57
Pre-signing certificates
Because of the security implications, it's best to avoid using autosign if you can help it. In general, if you want to automate adding a large number of clients, it's better to pre-generate the certificates on the Puppetmaster and then push them to the client as part of the build process. You can use puppet cert --generate <hostname> to do this.
How to do it...
- Generate a pre-signed certificate for client1.example.com with the following command:
    puppet cert --generate client1.example.com
  Puppet will now generate and sign a client certificate in the name of client1.example.com.
- Transfer the three required files (the private key, the client certificate, and the CA certificate) to the new client. These are found in the following locations:
    /etc/puppet/ssl/private_keys/client1.example.com.pem
    /etc/puppet/ssl/certs/client1.example.com.pem
    /etc/puppet/ssl/certs/ca.pem
Transfer these to the corresponding directories on the client, and it will then be authenticated without the certificate request step. Note that the location of Puppet's SSL certs varies according to the ssldir setting in puppet.conf.
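The transfer step above, as an added shell example that is not from the book: it collects the three files for one client into a bundle directory that mirrors the ssldir layout, so the bundle can be unpacked straight into the client's ssldir. The function name stage_presigned, the bundle directory, and the 0700/0600/0644 modes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book). stage_presigned and the bundle
# directory are hypothetical names; the modes are this example's choice.
# usage: stage_presigned <ssldir> <certname> <bundle_dir>
stage_presigned() {
    ssldir=$1 certname=$2 bundle=$3

    # Accept only hostname-style certnames so the name cannot point
    # outside the ssldir (no "/", no "..", no whitespace).
    case $certname in
        ''|*[!A-Za-z0-9._-]*|*..*)
            echo "bad certname: $certname" >&2; return 2 ;;
    esac

    # The three files the recipe lists, relative to the ssldir.
    files="private_keys/$certname.pem certs/$certname.pem certs/ca.pem"

    # Check all three before copying anything, so a half-built bundle
    # is never left behind.
    for rel in $files; do
        if [ ! -f "$ssldir/$rel" ]; then
            echo "missing: $ssldir/$rel" >&2
            return 1
        fi
    done

    # Subshell: the tightened umask does not leak into the caller.
    (
        umask 077
        mkdir -p "$bundle/private_keys" "$bundle/certs" || exit 1
        chmod 700 "$bundle" "$bundle/private_keys" || exit 1
        for rel in $files; do
            cp "$ssldir/$rel" "$bundle/$rel" || exit 1
        done
        # Private key readable by its owner only; certificates are public.
        chmod 600 "$bundle/private_keys/$certname.pem" &&
        chmod 644 "$bundle/certs/$certname.pem" "$bundle/certs/ca.pem"
    )
}

# Stand-alone use: sh stage.sh /etc/puppet/ssl client1.example.com ./bundle
if [ "$#" -eq 3 ]; then
    stage_presigned "$@"
fi
```

The bundle holds the client's private key, so move it only over an authenticated, encrypted channel and delete the staging copy once the client has it.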
See also
Using autosign in this chapter