Ask Your Question
1

Migrate ssl certs to new master

asked 2015-05-21 19:40:15 -0500

Cornellion gravatar image

Is it possible to copy SSL agent certs from an existing master running Puppet 2.7 to a new master running Puppet 3.8? I would like to point our existing agents to the new master without having to redo the cert requests.

I tried copying <agentname>.pem files to the below paths but have no luck:

/etc/puppetlabs/puppet/ssl/certs/
/etc/puppetlabs/puppet/ssl/ca/signed/
edit retag flag offensive close merge delete

Comments

Thank you. Good guide but lacking version info. That method fails with 2.7 clients talking to 3.8 master. Will try with a 3.3 master. (Using using new ask account)

Cornellio gravatar imageCornellio ( 2015-05-27 12:45:42 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2015-05-22 10:42:47 -0500

millerjl1701 gravatar image

updated 2015-05-22 15:18:26 -0500

Given all the issues with SHA1 certificates and SSL since 2.7 was release, you might be better off redeploying a new CA/client certificates than to move the old CA over... Check out this for some thoughts on how to do so: link:ssl regenerate certificates

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-05-21 19:40:15 -0500

Seen: 249 times

Last updated: May 22 '15