0

I've setup and been managing a Puppet (enterprise 2016.1) instance with over 50 nodes. PE console uses self-signed certificate (https://<fully-qualified-domain-name>/) which is starting to get flagged down by the security audits and forcing me to update the cert. I'm trying to overwrite the self-signed certificate with a CA cert and also do a DNS binding so the URL is more user-friendly. I tried to follow Puppet article here (https://docs.puppet.com/pe/latest/custom_console_cert.html) but it broke my environment and made the console inaccessible. It's since been recovered using Azure backup.

If anybody ever carried out this activity, please would you let me know how I can go about it? Thanks.

Karthik
  • 97
  • 2
  • 3
  • 10
  • 1
    Assuming this is a monolithic install, you need to differentiate between the console cert and the ca cert. You are trying to replace the console cert and not the ca cert. Replacing the ca cert incorrectly would indeed break your environment. – Matthew Schuchard Nov 23 '16 at 12:24
  • Hi @MattSchuchard, thanks. It is a Monolithic install. Are you familiar with the approach? Indeed I've been trying to just replace the console certificate but there doesn't appear to be any clear guides online on how I can go about it. Thanks. – Karthik Nov 25 '16 at 04:01
  • The document you linked to seems like it would work perfectly. You should redo the question by showing what you tried and what went wrong. That is the typical format of StackExchange questions. Also, you might get some help on Server Fault too. – Matthew Schuchard Nov 25 '16 at 12:48

0 Answers0