Ask Your Question

What client certificate does Puppet Master use with PuppetDB?

asked 2013-10-28 18:25:34 -0600

Joseph Carlos gravatar image

I am trying to set up PuppetDB and having some problems.

It appears that when a Puppet Master attempts to connect to the PuppetDB server, not only does the PuppetDB service authenticate itself with an SSL certificate, the PuppetDB service expects the Puppet Master to submit a client certificate.

What key-pair does the Puppet Master use when authenticating against PuppetDB? Can that key-pair be specified in a configuration file?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2013-10-29 08:40:16 -0600

The Puppet master uses its own host keys, generally this is the same as what the agent would use on the master:

# puppet master --configprint hostprivkey
# puppet master --configprint hostcert

As far as whether this can be configured, yes - you can override this in your puppet.conf using the configuration items above, however this changes the certificates the master will use itself. This is probably less of a problem with passenger.

Having said that, its very odd that changing this is going to fix your SSL ... (more)

edit flag offensive delete link more


The Puppet Master is a puppet client of a puppet system that does not use the same CA as it uses itself when acting as a Puppet Master. I need ...(more)

Joseph Carlos gravatar imageJoseph Carlos ( 2013-10-29 10:06:57 -0600 )edit

Short answer is "you can't". The code doesn't support it in the terminus. The long answer is either a) we modify the code to do this or b ...(more)

ken gravatar imageken ( 2013-10-29 15:41:09 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-10-28 18:25:34 -0600

Seen: 286 times

Last updated: Oct 29 '13