Is it possible to use 3rd CSR on the puppet auto-sign?

asked 2018-12-28 00:48:44 -0600

Dear all,

I'm new to puppet. Here's my question -- Is it possible to use 3rd CSR on the puppet auto-sign?

As we have to place the puppet master on the AWS and all the puppet nodes connect to it via internet, so both the IP or the hostname for nodes will be dynamic not static. So we have to make the authentication to be auto-sign. But we also don't want to others to connect our puppet master easily so we are thinking -- if any method to add some 3rd CSR to the puppet nodes' sign process? -- eg. install some public key to the apache server on puppet master, and install the cert to the puppet nodes for encryption?

If it's possible please kind help. Thanks in advance for any help.

Regards Eisen

edit retag flag offensive close merge delete