Signed certificate appearing for .mydomain.com?

asked 2014-07-31 19:11:00 -0500

Naftuli Tzvi Kay gravatar image

Before I started my Puppet Master, I generated my Puppet certificate with the following command:

puppet cert generate --dns_alt_names "puppet,puppet.mydomain.com,kungfumaster,kungfumaster.mydomain.com" kungfumaster.mydomain.com

I then proceeded to start my Puppet Master. I noticed that in the logs, my Puppet Master signed an additional certificate that I didn't create:

Aug  1 00:01:13 kungfumaster puppet-master[433]: .mydomain.com has a waiting certificate request
Aug  1 00:01:13 kungfumaster puppet-master[433]: Signed certificate request for .mydomain.com
Aug  1 00:01:13 kungfumaster puppet-master[433]: Removing file Puppet::SSL::CertificateRequest .mydomain.com at '/var/lib/puppet/ssl/ca/requests/.mydomain.com.pem'
Aug  1 00:01:13 kungfumaster puppet-master[433]: Removing file Puppet::SSL::CertificateRequest .mydomain.com at '/var/lib/puppet/ssl/certificate_requests/.mydomain.com.pem'
Aug  1 00:01:13 kungfumaster puppet-master[433]: Starting Puppet master version 3.6.2

This was the first time that I started my Puppet Master, the certificate couldn't have been generated at any other time than now.

Is it normal for a Puppet Master to generate a .$domain.pem certificate?

edit retag flag offensive close merge delete

Comments

This may be related to [my other question](https://ask.puppetlabs.com/question/13176/puppet-master-could-not-retrieve-fact-fqdnipaddress/) that my Puppet Master can't get the IP and FQDN facts.

Naftuli Tzvi Kay gravatar imageNaftuli Tzvi Kay ( 2014-07-31 20:36:09 -0500 )edit