Force resigning of existing certificates
heeyoung kim
I want to know how to resign old signed certificate on puppet master when agents rebuild OS and request CSR.
I have over 200 workstations rebuilding frequently, so it is not effect to clean agents' certificate manually on puppet master before kicstarting agents.
Puppet master and agent OS : CentOS6.4
On my research, many people don't recommend the way due to security issue on my research, but I don't care about the issue now.
I found a forum as follows that what I want to know, but unfortunately the reference site closed.
"http://glarizza.posterous.com/managing-puppet-ssl-certificates
Basically a CGI script located on you CA Server. You can pass the
hostname/certname that you want to clean via http to the script and
have it clean it off the CA Server. More details in the link above.
This is working great for me and I'll be using it until similar
functionality is included by default in puppet. "
Can anyone let me know how to make it?
I am new in Linux, puppet and script, so any idea or/and advice are appreciated!!
Thanks,
Thomas Müller
Am Dienstag, 9. Dezember 2014 23:32:40 UTC+1 schrieb heeyoung kim:
Hello,
I want to know how to resign old signed certificate on puppet master when agents rebuild OS and request CSR.
I have over 200 workstations rebuilding frequently, so it is not effect to clean agents' certificate manually on puppet master before kicstarting agents.
Puppet master and agent OS : CentOS6.4
On my research, many people don't recommend the way due to security issue on my research, but I don't care about the issue now.
I found a forum as follows that what I want to know, but unfortunately the reference site closed.
"http://glarizza.posterous.com/managing-puppet-ssl-certificates
...
Can anyone let me know how to make it?