兔宝宝游戏网游戏攻略手游攻略 puppetmaster3d,如何更改puppetmaster证书默认的使用期限

puppetmaster3d,如何更改puppetmaster证书默认的使用期限

时间：2025-03-12 07:21:04 作者：兔宝宝游戏网浏览：33

puppetmaster，最近不少朋友在找如何更改puppetmaster证书默认的使用期限的相关介绍，兔宝宝游戏网给大家详细的介绍一下，希望对大家有帮助。

1、puppetmaster3d：

1、删除之前的CA
[root@kspupt-ca1 ~]# rm -rf /var/lib/puppet/ssl

备注：删除之前，你之前签的所有证书都不可用了哦，慎重！
2、编辑配置文件puppet.conf
[root@kspupt-ca1 ~]# cat /etc/puppet/puppet.conf
[main]
user = puppet
group = puppet
vardir = /var/lib/puppet
confdir = /etc/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
pluginsync = true
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
hostprivkey = $privatekeydir/puppetca.pem { mode = 640 }
autosign = $confdir/autosign.conf { mode = 664 }
[agent]
server = puppetmaster
ca_server = puppetca
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
runinterval=86400
report = true
authconfig = /etc/puppet/namespaceauth.conf
usecacheonfailure = false
certname = kspupt-ca1
default_schedules = false
masterport = 8140
environment = prd
listen = false
splay = false
noop = false
show_diff = false
configtimeout = 120
[master]
autosign = $confdir/autosign.conf { mode = 664 }
confdir = /etc/puppet
certname = puppetca
ca = true
ca_ttl = 10y #添加这个字段

3、重新生成CA服务器
[root@kspupt-ca1 ~]# puppet cert --generate --dns_alt_names puppetca:puppet puppetca
Notice: Signed certificate request for ca
Notice: puppetca has a waiting certificate request
Notice: Signed certificate request for puppetca
Notice: Removing file Puppet::SSL::CertificateRequest puppetca at '/var/lib/puppet/ssl/ca/requests/puppetca.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetca at '/var/lib/puppet/ssl/certificate_requests/puppetca.pem'

4、查看现有CA服务器生成证书的有效期
[root@kspupt-ca1 ~]# openssl x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem | grep -i validity -A 2
Validity
Not Before: Oct 20 01:51:00 2014 GMT
Not After : Oct 18 01:51:00 2024 GMT
[root@kspupt-ca1 ~]#