Ask Your Question

Revision history [back]

The Puppet master uses its own host keys, generally this is the same as what the agent would use on the master:

# puppet master --configprint hostprivkey
/etc/puppet/ssl/private_keys/puppetdb1.vm.pem
# puppet master --configprint hostcert
/etc/puppet/ssl/certs/puppetdb1.vm.pem

As far as whether this can be configured, yes - you can override this in your puppet.conf using the configuration items above, however this changes the certificates the master will use itself. This is probably less of a problem with passenger.

Having said that, its very odd that changing this is going to fix your SSL issues unless the original values themselves have been customised. Chances are your solution can be found elsewhere.