I am thinking that it should work without too much fuss.
My current openvpn implementation uses the following certificates and
beside these are what I think would be the appropriate puppet ones.
openvpn server:
ca /etc/openvpn/ca.crt -> /var/lib/puppet/ssl/certs/ca.pem
cert /etc/openvpn/fqdn.crt -> /var/lib/puppet/ssl/certs/fqdn.pem
key /etc/openvpn/fqdn.key -> /var/lib/puppet/ssl/private_keys/fqdn.pem
tls-auth /etc/openvpn/ta.key 0 -> no equivalent ( use openssl to generate )
openvpn client:
ca /etc/openvpn/ca.crt -> /var/lib/puppet/ssl/certs/ca.pem
cert /etc/openvpn/fqdn.crt -> /var/lib/puppet/ssl/certs/fqdn.pem
key /etc/openvpn/fqdn.key -> /var/lib/puppet/ssl/private_keys/fqdn.pem
tls-auth /etc/openvpn/ta.key 1 -> no equivalent ( use the one generated on the server )
I am going to give this a try later but would like to know if anyone has
any thoughts on it.
Ben
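
The mapping above written out as OpenVPN configuration; this is an added example, not a configuration posted in the thread. Because the Puppet CA signs a certificate for every managed node, the sketch also checks the Puppet CRL on the server and pins the server's certificate name on the client. Assumptions: the name `vpn.example.com`, the tunnel subnet, the `dh.pem` file, the CRL path under the Puppet ssl directory, and an OpenVPN version that supports `verify-x509-name` (2.3 or later).

```conf
# ---- /etc/openvpn/server.conf (constructed example) ----
port 1194
proto udp
dev tun
# Puppet-issued material; "fqdn" stands for this host's certname, as in the post
ca   /var/lib/puppet/ssl/certs/ca.pem
cert /var/lib/puppet/ssl/certs/fqdn.pem
key  /var/lib/puppet/ssl/private_keys/fqdn.pem
# No Puppet equivalent for these two; generated separately (assumed paths)
dh       /etc/openvpn/dh.pem
tls-auth /etc/openvpn/ta.key 0
# Reject certificates the Puppet CA has revoked (assumed location of the
# agent's CRL copy; it must be kept current for revocation to take effect)
crl-verify /var/lib/puppet/ssl/crl.pem
# Tunnel subnet is a constructed value
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun

# ---- /etc/openvpn/client.conf (constructed example) ----
client
dev tun
proto udp
# vpn.example.com is a placeholder for the server's certname
remote vpn.example.com 1194
ca   /var/lib/puppet/ssl/certs/ca.pem
cert /var/lib/puppet/ssl/certs/fqdn.pem
key  /var/lib/puppet/ssl/private_keys/fqdn.pem
# Same static key as the server, opposite direction
tls-auth /etc/openvpn/ta.key 1
# Any Puppet-signed certificate chains to ca.pem, so require the peer's
# common name to be the VPN server's certname, not just a valid chain
verify-x509-name vpn.example.com name
persist-key
persist-tun
```
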
Ben wrote:
> Has anyone attempted to get openvpn to work with Puppet's certificates?
>
You shouldn't have any issues. Puppet uses standard OpenSSL.
A recipe showing your configuration for the wiki would be great though.
*hint*.
Regards
James Turnbull
--
Author of:
* Pulling Strings with Puppet
(http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)