Révision 70f565c5
puppetdb: implement cert validation and client cert auth
It is very common for PuppetDB installs to run on a different host than
the puppetmaster. In such cases, a certificate file is normally used to
establish an encrypted communication to the server.
The most common setup for this server certificate is to use a
certificate that was signed by the puppetmaster's CA, so one would want
to verify the server cert against this same CA (it should be present on
puppet clients).
Moreover, to ensure that only puppet clients can communicate with
PuppetDB, a pair of client certificat/key files are usually used to
authenticate clients.
Fichiers
- ajouté
- modifié
- copié
- renommé
- supprimé