Puppet Dashboard signed with self signed certificate
How do you guys use Puppet Dashboard with HTTPs?
My puppet dashboard is accessible through HTTPs, with SSL certificate sign by my own internal CA. I would like to use it in puppet.conf as reporturl:
reports = store,http,tagmail reporturl = https://address/reports/upload report = true
My problem is simple, from puppet agent point of view, certificate is self signed:
Dec 11 11:52:51 nfs-1 puppet-user: Report processor failed: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /C=PL/ST=x/L=x/O=x /OU=x/CN=x/emailAddress=x]
What can I do to make it work? I would like to tell puppet that my CA is trusted - but I have no idea how to do that. What is funny, I tried to use GeoTrust SSL certificate, which is trusted by each browser, and it was same situation. Looks like puppet ignore CAs installed by ca-certificates package (It's debian)
Alternative option, which is also fine for me - is to disable veryfing of SSL certs, but I couldn't find any option that can do that. I found on google couple of similar (old) redmine tickets, but everything is outdated now.
I'll appreciate any help, because creating my own reporting module is the worst scenarion, and I would like to do it in other way.
- puppet 3.7.3 from apt.puppetlabs.com
- Debian Wheezy