SSL issues with puppetdb

http://serverfault.com – I'm setting up Puppetdb with SSL and having issues with certificates. I'm using Nginx as an SSL proxy for Puppet, so my CA is managed by a mongrel server on this Nginx proxy machine. If I generate a certificate for my Puppetdb URI using the CA on the Nginx machine, I'm able to set up the Puppetdb using the puppetlabs-puppetdb module (since the Puppet agent uses the proxy's CA), but then the Puppetmaster cannot connect to it, because it has its own CA certificate which it generates itself. If I generate a certificate for the Puppetdb URI using one of the Puppetmasters, I cannot deploy the Pup (HowTos)