Is anybody out there pre-generating certificates for your agents? I've heard whispered tales of some folks doing this but we're starting work on improving the CA / signing / revocation workflow and it'd be great to talk to somebody directly. The workflow would be using 'puppet cert generate' on the master/CA then distributing both the private key and the resulting certificate in some secure, out-of-band mechanism (cloud-init?) to the nodes, so the agent finds the CA cert as well as its own key/cert pair ready and waiting when it starts up, bypassing the CSR generation/submission completely.
--eric0 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/09846c69-cc85-4cfc-a4ed-f19d24b34776%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
