rm -fr /var/lib/puppet/ssl #could delete individual .pem files puppet cert generate external.domain.com --dns_alt_names=internalname.domain,puppetIf executed as above (deleting all certs, all puppet nodes need to request certificate and the master to sign it)
Showing posts with label sysadmin. Show all posts
Showing posts with label sysadmin. Show all posts
Friday, August 23, 2013
Puppet: certificates signed with multiple names
The default creation of SSL certs for the puppet master create a certicate base on the hostname of the server. If this server is reached with two different names (zB internalname.domain.com & external.domain.com) this creates problems such as:
Server hostname 'internalname.domain.com' did not match server certificate; expected observer1
You can do the following:
Subscribe to:
Posts (Atom)