Just an addition to the question, can i change the contents of /etc/puppetlabs/puppet/ssl/certs without any issues to the CA that puppetserver creates? Would that be my solution?
On Thursday, March 28, 2019 at 2:37:10 PM UTC-7, Aditya S wrote: > > Hello, > > Is there a way for me to generate a CSR to have a puppetserver signed by > an external CA like Digicert? I wanted to do the following: > > 1. Create two master servers, master1.example.de & master2.example.de and > create a Load Balancer DNS name master.example.de > 2. Generate a CSR for my masters which will signed by Digicert. > 3. Import the thus obtained signed certs to the master and have all the > agents be signed by master1.example.de and sync > the /etc/puppetlabs/puppet/ssl folder to master2.example.de > > I was able to get 1. kinda working by using "server" and "dns_alt_names" > in the puppet.conf and verified it by looking at the actual cert but I > don't know how to compound it with 2 and 3. > > Please let me know how this can be done > > Thanks! > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b10687f1-7ff8-4e7d-9f86-798b15c3b9ac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
