We often run a Puppet client on the puppetmaster itself, connecting to the local puppetmaster. In the past, I’ve run into some problems, so I thought it best to write down a couple of tips to keep in mind when setting this up. These helped me out in the past:
[puppetd]
ssldir = /var/lib/puppet/ssl

[puppetmasterd]
ssldir = /var/lib/puppet-server/ssl

[puppetca]
ssldir = /var/lib/puppet-server/ssl
The addition to puppetca is needed because it needs to know where to sign the certificates. Of course, if you run 2.6 or higher, you need to replace puppetd with agent, puppetmasterd with master and puppetca with… ca, I think.
[puppetmasterd]
certname = puppet
certdnsnames = puppet.my.domain
That’s it. Hope it helps someone. You’re going to need to remove all old ssl dirs after you change this and regenerate the certificates.
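A quick way to confirm a puppet.conf follows the ssldir layout above, so the agent's keys stay apart from the master and CA material. This is an added example, not code from the original post; the function names and sample configs are constructed here, and the 2.6+ section names (including `ca`) are taken from the post's own guess.

```python
# Added example: checks puppet.conf text for the ssldir layout from the post.
# Section names are the post's; "ca" for 2.6+ is the post's own guess.
ROLES = {
    "agent": ("puppetd", "agent"),
    "master": ("puppetmasterd", "master"),
    "ca": ("puppetca", "ca"),
}

def parse_conf(text):
    """Parse INI-style puppet.conf text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def ssldir_for(sections, role):
    """Return the normalised ssldir of the first section defined for a role."""
    for name in ROLES[role]:
        value = sections.get(name, {}).get("ssldir")
        if value:
            return value.rstrip("/")
    return None

def check_ssldirs(text):
    """Return a list of problems; an empty list means the layout matches."""
    sections = parse_conf(text)
    agent, master, ca = (ssldir_for(sections, r) for r in ("agent", "master", "ca"))
    problems = []
    if agent is None or master is None:
        problems.append("ssldir is not set for both the agent and the master")
    elif agent == master:
        problems.append("agent and master share ssldir %s" % agent)
    if master is not None and ca != master:
        problems.append("ca ssldir %s does not match master ssldir %s" % (ca, master))
    return problems

# Constructed samples: the post's layout, and one with a shared ssldir.
GOOD_CONF = "[puppetd]\nssldir = /var/lib/puppet/ssl\n[puppetmasterd]\nssldir = /var/lib/puppet-server/ssl\n[puppetca]\nssldir = /var/lib/puppet-server/ssl\n"
BAD_CONF = "[puppetd]\nssldir = /var/lib/puppet/ssl\n[puppetmasterd]\nssldir = /var/lib/puppet/ssl/\n"

if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(label, check_ssldirs(conf) or "ok")
```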