Significance of ca_name?


dE

Apr 2, 2016, 7:36:46 AM
to Puppet Users
The documentation says --

The name to use the Certificate Authority certificate.


Which sounds like wrong grammar. The correct one must be --


The name to use for the Certificate Authority certificate.


On my master, the ca_name =  Puppet CA: puppetmaster


and the CA cert file is named ca_crt.pem, whose subject is Puppet CA: puppetserver


So neither the common name of the certificate nor the file name of the certificate is Puppet CA: puppetmaster

Jeremy Barlow

Apr 4, 2016, 11:31:05 AM
to Puppet Users

The ca_name determines the Common Name (CN) which is added to the CA certificate's subject.  It doesn't have any bearing on the file name of the certificate, as you mentioned.  The default value which is used for it (from https://docs.puppetlabs.com/puppet/latest/reference/configuration.html#caname) is:

  Puppet CA: $certname

$certname is interpolated from the value of the corresponding named setting (https://docs.puppetlabs.com/puppet/latest/reference/configuration.html#certname).  The default for $certname is the fully-qualified domain name of the system.

---

As long as I have the ca_name setting set in my puppet.conf file - either under the main or master section - before my ca_crt.pem has been generated and before my Puppet Server is started up, whatever value I have in the ca_name setting ends up being the CN in the CA certificate.  If I change the value of the ca_name setting after my ca_crt.pem file has been created, though, I would need to delete the ca_crt.pem file in order for the CA certificate to be regenerated with the new value I used for the ca_name setting.

Is this not the behavior you see?

If not, could you provide more details as to what version of Puppet master code you are using - version of Puppet under Passenger, version of Puppet Server, or something else?
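The relationship described in the reply above can be checked with a short script. This is an added example, not part of the original thread and not Puppet's own code: it resolves the effective ca_name from puppet.conf text and compares it with the CN in the CA certificate's subject. The function names and the sample input are hypothetical, and the subject line is assumed to come from `openssl x509 -noout -subject -in ca_crt.pem`.

```python
import re

DEFAULT_CA_NAME = "Puppet CA: $certname"  # default quoted in the reply above
# Constructed sample input mirroring the values reported in the question.
SAMPLE_CONF = "[master]\n    ca_name = Puppet CA: puppetmaster\n"
SAMPLE_SUBJECT = "subject=CN = Puppet CA: puppetserver"


def read_settings(conf_text):
    """Parse puppet.conf text into {section: {setting: value}}."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def effective_ca_name(conf_text, fqdn):
    """Resolve ca_name: [master] wins over [main]; $certname defaults to the FQDN."""
    sections = read_settings(conf_text)
    def lookup(name, default):
        for section in ("master", "main"):
            if name in sections.get(section, {}):
                return sections[section][name]
        return default
    return lookup("ca_name", DEFAULT_CA_NAME).replace("$certname", lookup("certname", fqdn))


def subject_cn(subject_line):
    """Extract the CN from `openssl x509 -noout -subject` output (old or new layout)."""
    match = re.search(r"(?:^|[/,=\s])CN\s*=\s*([^,/\n]+)", subject_line)
    return match.group(1).strip() if match else None


def check_ca_name(conf_text, fqdn, subject_line):
    """Return (configured name, CN actually in the certificate, whether they match)."""
    configured = effective_ca_name(conf_text, fqdn)
    issued = subject_cn(subject_line)
    return configured, issued, configured == issued


if __name__ == "__main__":
    print(check_ca_name(SAMPLE_CONF, "puppetserver", SAMPLE_SUBJECT))
```

A mismatch, as in the sample, is what the reply predicts when ca_name was set or changed after ca_crt.pem had already been generated.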


 

