using puppet as intermediate CA with an external root to authenticate #78
Replies: 2 comments
-
Is anyone using the external CA in Puppet? Please share any experience.
-
We created a ca-bundle.pem file with order (1. Puppet’s CA cert 2. Org’s intermediate CA signing cert 3. Org’s root CA cert) and crl.pem with order (1. Puppet’s CA CRL 2. Org’s intermediate CA CRL 3. Org’s root CA CRL) and puppet_ca_key.pem from the current puppet master private key under /etc/puppetlabs/puppet/ssl/private_keys/servername.pem, and tried to import via the command line “puppetserver ca import --cert-bundle ca-bundle.pem --crl-chain crls.pem --private-key puppet_ca_key.pem”, and are then getting the above error.
-
Hello,
I am trying to set up Puppet as an intermediate CA with an external root cert for authentication purposes.
This is needed because using the Puppet-signed cert is causing the vulnerability "SSL certificate cannot be trusted".
Doc link:
https://www.puppet.com/docs/puppet/8/server/intermediate_ca.html#set-up-puppet-as-an-intermediate-ca-with-an-external-root
Upon using the newly generated certificate with the external root, we are seeing the error:
Validating cert store returned: 20 - unable to get local issuer certificate
Missing public key to match private key at /etc/puppetlabs/puppet/ssl/private_keys/servername.pem
puppetserver ca import --cert-bundle ca-bundle.pem --crl-chain crls.pem --private-key puppet_ca_key.pem
Error:
Could not find certificate matching private key
Any leads on whether it is possible to use the certificate with an external root using the above document link?
Thanks in advance.
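The import error quoted above concerns the pairing between the `--private-key` file and the certificates in `--cert-bundle`. As an added example (not part of the original discussion and not Puppet's own code), this shell function uses `openssl` to report which certificate in a PEM bundle carries the public key of a given private key; the function name `find_matching_cert` and the script name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find which certificate in a PEM bundle matches a private key.
# find_matching_cert is a hypothetical helper name, not a puppetserver command.

# Prints the 1-based position of the matching certificate in the bundle.
# Returns 1 if no certificate matches, 2 if the key cannot be read.
find_matching_cert() {
  key=$1
  bundle=$2

  # Public key (PEM SubjectPublicKeyInfo) derived from the private key.
  want=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  [ -n "$want" ] || return 2

  # Split the bundle into one file per certificate, preserving order.
  tmp=$(mktemp -d) || return 2
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++ }
    n { print > (d "/cert" n ".pem") }
  ' "$bundle"

  found=""
  i=1
  while [ -f "$tmp/cert$i.pem" ]; do
    # Public key embedded in this certificate, in the same PEM form.
    have=$(openssl x509 -in "$tmp/cert$i.pem" -noout -pubkey 2>/dev/null) || have=""
    if [ -n "$have" ] && [ "$have" = "$want" ]; then
      found=$i
      break
    fi
    i=$((i + 1))
  done

  rm -rf "$tmp"
  [ -n "$found" ] && echo "$found"
}

# Usage: ./match_key.sh puppet_ca_key.pem ca-bundle.pem
if [ "$#" -eq 2 ]; then
  find_matching_cert "$1" "$2" || echo "no certificate in the bundle matches this key" >&2
fi
```

A non-zero exit with no position printed means none of the bundled certificates was issued for that key.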