On Wednesday, October 25, 2017 at 8:47:40 AM UTC-5, Vishal Sarin wrote:
>
> Folks, 
>
> We manage a LAB of Windows PCs where the OS crashes quite often and we 
> need to install new certs. 
>
> So, we need to delete the certs from the server frequently.
>
> Since it's an in-premise LAB, I would like to disable security completely 
> and place trust in other mechanisms rather than SSL. 
>
> Is this doable in puppet/foreman?
>
>
As far as I am aware, no, it is not possible to disable SSL.  Puppet relies 
deeply on it, not only for authentication and confidentiality, but also for 
node *identity*.

You can, however, largely circumvent the verification aspect of managing client 
certs.  There are several ways you could do this, among them:

   - Generate and install client certs manually, keeping a record of them 
   so that you can re-install them when you re-provision the machine.  This 
   will not happen automatically (no matter how you name the machine during 
   re-provisioning) but you can do it yourself.  This way, you will not need 
   to clean certs for these machines from the server in the first place.
   - Turn on the allow_duplicate_certs 
   <https://puppet.com/docs/puppet/5.3/configuration.html#allowduplicatecerts> 
   option in the master's configuration.  This will cause the server to 
   automatically replace old certs with new when a certificate-signing request 
   comes in for a name that it already has a cert for.

If you choose the second option then you will have to take care to avoid 
having multiple machines with the same certname (which is the same as the 
hostname by default).


John
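
The caveat about shared certnames can be checked before allow_duplicate_certs is switched on. The following is an added example, not part of the original post or of Puppet itself: it reads a lab inventory and reports machines that would resolve to the same certname and therefore replace each other's certificates. The CSV layout, column names and sample rows are constructed for illustration, and names are compared in lowercase on the assumption that Puppet certnames are lowercase.

```python
import csv
import io
from collections import defaultdict

# Constructed lab inventory (hypothetical format): one row per physical machine.
# 'certname' is filled only where the agent's puppet.conf overrides the default.
SAMPLE_INVENTORY = """asset_tag,fqdn,certname
LAB-0001,LABPC01.lab.example.com,
LAB-0002,labpc02.lab.example.com,
LAB-0003,labpc01.lab.example.com,
LAB-0004,labpc04.lab.example.com,bench-a
LAB-0005,labpc05.lab.example.com,Bench-A
"""


def effective_certname(row):
    """Explicit certname if set, otherwise the hostname; compared in lowercase."""
    name = (row.get("certname") or "").strip() or row["fqdn"].strip()
    return name.lower()


def find_certname_collisions(inventory_csv):
    """Return {certname: [asset tags]} for names claimed by more than one machine."""
    owners = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        owners[effective_certname(row)].append(row["asset_tag"])
    return {name: sorted(tags) for name, tags in owners.items() if len(tags) > 1}


if __name__ == "__main__":
    collisions = find_certname_collisions(SAMPLE_INVENTORY)
    for name, tags in sorted(collisions.items()):
        print(f"certname {name!r} is claimed by: {', '.join(tags)}")
    if not collisions:
        print("no certname collisions found")
```
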
