When, as root, I run the following on my puppetmaster server:

puppet master --verbose --no-daemonize

It generates the SSL certificates, but adds a domain to them, which is the domain of my company (I'm in the office):

...
Info: Creating a new SSL key for puppetmaster.company_domain.net
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetmaster.company_domain.net
...

Actually, it does the same when I run the equivalent for the agent (CentOS and Ubuntu).

It might be nothing related to Puppet. But I haven't got a lot of experience with Linux, Puppet and all the things involved, so I would love to find the reason for that (I couldn't find it browsing, probably because I don't really know where to start from).

Thanks,

mitomed

1 Answer

The name used in certificate generation is the node's FQDN by default, if it can determine one.

This tends to fit in nicely with certificate validation and node classification in most deployments, as well as preventing any strangeness from duplicate hostnames with different FQDNs (like a web01 in different subdomains for different physical locations), but if you specifically dislike this you can modify certname in puppet.conf to override what name it puts in the certificate request - you should probably have a good reason to change this, though!

Keep in mind that if you make the certname different than the node name, you might need to do some odd stuff in auth.conf to allow nodes to request their catalogs correctly.

Shane Madden
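
The default and the override described in the answer above, as an added example that is not part of the original answer and is not Puppet's own code: it resolves which certname a run mode would use from puppet.conf text and flags when that name differs from the FQDN. Assumptions: the parser is simplified, `socket.getfqdn()` stands in for the FQDN Puppet detects, and the function names and sample files are constructed for illustration.

```python
import socket

def parse_puppet_conf(text):
    """Parse puppet.conf's INI-style text into {section: {setting: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def effective_certname(conf_text, run_mode, fqdn=None):
    """Return (certname, source, matches_fqdn) for run_mode ('agent' or 'master')."""
    # Assumption: socket.getfqdn() approximates the FQDN Puppet would detect.
    fqdn = (fqdn or socket.getfqdn()).lower()
    sections = parse_puppet_conf(conf_text)
    # The run-mode section overrides [main]; with no certname set, the FQDN is used.
    for section in (run_mode, "main"):
        name = sections.get(section, {}).get("certname")
        if name:
            return name, f"puppet.conf [{section}]", name.lower() == fqdn
    return fqdn, "default (FQDN)", True

# Constructed sample files; the host name is the placeholder from the question.
DEFAULT_CONF = """
[main]
    logdir = /var/log/puppet
"""
OVERRIDE_CONF = """
[main]
    certname = puppetmaster
[agent]
    server = puppetmaster.company_domain.net
"""

if __name__ == "__main__":
    host = "puppetmaster.company_domain.net"
    for label, conf in (("default", DEFAULT_CONF), ("override", OVERRIDE_CONF)):
        name, source, same = effective_certname(conf, "master", host)
        note = "" if same else "  <- differs from FQDN; check auth.conf rules"
        print(f"{label}: certname={name} from {source}{note}")
```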