rm -fr /var/lib/puppet/ssl #could delete individual .pem files puppet cert generate external.domain.com --dns_alt_names=internalname.domain,puppetIf executed as above (deleting all certs, all puppet nodes need to request certificate and the master to sign it)
Friday, August 23, 2013
Puppet: certificates signed with multiple names
The default creation of SSL certs for the puppet master create a certicate base on the hostname of the server. If this server is reached with two different names (zB internalname.domain.com & external.domain.com) this creates problems such as:
Server hostname 'internalname.domain.com' did not match server certificate; expected observer1
You can do the following:
Subscribe to:
Posts (Atom)