My puppet.conf on the master:
[master]
certname = myname.mydomain.com
ca_server = myname.mydomain.com
certdnsnames = puppet;puppet.local;myname.dyndns.org;hivemind.local;
To my understanding, with certdnsnames defined, the following should work:
puppet agent --server myname.dyndns.org --test
But I get the following error:
err: Could not retrieve catalog from remote server: hostname was not match with the server certificate
How do I avoid this error? How do I correctly define certdnsnames? I have found different documentation about this, but no simple example. If I use "," for separation, I cannot sign at all.
I have also seen a syntax like
certdnsnames = puppet:puppet.intra.myserver.fr,puppet.myserver.fr:puppet,puppet:puppet,puppet.intra.myserver.fr,puppet.myserver.fr
http://projects.puppetlabs.com/issues/5776
But for me it's not clear when to add a "puppet:" and when not.
Best Answer
For the benefit of anyone else who stumbles upon this answer:
Due to CVE-2011-3872, Puppet no longer supports the certdnsnames option. From the documentation: You can generate an SSL certificate for your server using subjectAlternativeName like this:
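
Separately from the answer above, the error in the question means the name passed to --server is not among the names in the master's certificate. The following is an added example, not part of the answer or the Puppet documentation: it builds a throwaway certificate with a constructed SAN list and checks hostnames against it with openssl. The function names and the SAN list are assumptions, and it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Hostnames are sample values; the SAN list is constructed.

# Create a throwaway self-signed certificate carrying three DNS SANs.
# $1 = path for the PEM certificate (the key is written next to it).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" \
        -subj "/CN=myname.mydomain.com" \
        -addext "subjectAltName=DNS:myname.mydomain.com,DNS:puppet,DNS:puppet.local" \
        2>/dev/null
}

# Print the SAN extension of a certificate. $1 = PEM path.
list_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

# Succeed only if the certificate is valid for the hostname.
# $1 = PEM path, $2 = hostname a client would connect to.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

# Generate the demo certificate and test one name per case.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir/cert.pem" || return 1
    list_sans "$dir/cert.pem"
    for name in myname.mydomain.com puppet.local myname.dyndns.org; do
        if cert_matches "$dir/cert.pem" "$name"; then
            echo "$name: covered by the certificate"
        else
            echo "$name: NOT covered, the hostname check fails"
        fi
    done
    rm -rf "$dir"
}

demo
```

Running `list_sans` and `cert_matches` against the master's real certificate file shows whether the name the agent uses was actually included when the certificate was issued.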