[chef] Re: Re: Re: Re: Handle with Tomcat Certificates

[Eduardo Dias < >]

Yes, I can do it. But how to copy the certificates built during chef run from one to other?

2013/10/28 Tom Duffield < " target="_blank"> >

Could you drop off everything minus the self-signed portion using Chef and just generate the rest during the Chef run?

Tom Duffield — Automation Consulting Engineer

651.769.7497 –  " style="color:rgb(105,117,130)" target="_blank">  – my: Linkedin  Twitter

OPSCODE

CODE CAN

opscode.com   Blog   Facebook   Twitter   YouTube

On Mon, Oct 28, 2013 at 12:37 PM, Eduardo Dias < " target="_blank"> > wrote:

Thanks Tom,

we are using databags and files to store some certificates, but in this case I need to create a self-signed certificate using the FQDN and import it in cacerts of clients machines.

This is challenging me, how to do it in a secure way. I was trying to avoid create a trust relationship between the server and clients, just for security reasons.

Regards,

Eduardo

2013/10/28 Tom Duffield < " target="_blank"> >

Hey Eduardo, 

Methods that I have seen used in the past include: 

- Store the certificate in Chef managed entity (cookbook files, data bag) and have Chef drop it off

- Use Chef recipe to establish SSH trust between the necessary servers. 

Tom Duffield — Automation Consulting Engineer

651.769.7497 –  " style="color:rgb(105,117,130)" target="_blank">  – my: Linkedin  Twitter

OPSCODE

CODE CAN

opscode.com   Blog   Facebook   Twitter   YouTube

On Mon, Oct 28, 2013 at 11:56 AM, Eduardo Dias < " target="_blank"> > wrote:

Hi Chef Community,

I am looking for a tip to handle with Tomcat7 certificates, basically I need to copy the Tomcat7 public certificate to other servers and import it in Java cacerts. The problem is that I dont´t have ssh trust between these servers.

Has anyone that had this problem before?

Any tip will appreciated.

Regards,

Eduardo

--

Atenciosamente,

Eduardo

--

Atenciosamente,

Eduardo