I'm trying to use an external CA to handle my SSL certificates for puppet 3.6, with that CA being InCommon. They have their self-signed CA and then a couple of intermediary levels. I've tweaked my ca.pem and issuer.pem file several times but I always get a variant of "error X at X depth: unable to get certificate".
Since option #2 and #3 in the link below seem to imply there is limited depth these external CA configurations can go to, I'm wondering if the Incommon CA infrastructure is causing this issue or if it is totally local to my installation.
External CA: https://docs.puppetlabs.com/puppet/latest/reference/config_ssl_external_ca.html#general-notes-and-requirements
Overview of the Incommon CA is:
1) AddTrust External CA Root (the root)
2) USERTrust RSA Certification Authority (the intermediate)
3) InCommon RSA Server CA (the intermediate)
4) Signed certificate of server
Thanks.
↧