How to "func" when bidirectional connections not allowed?

Hi,

Due to our network policy, it is not possible for a minion to open a connection to an overlord (bidirectional connections are not allowed by the firewall); this means that it is not possible for the minion to contact the certmaster to sign its certificate. In order to circumvent this problem, is it possible to pregenerate a signed certificate for the minion? What are the other options or possibilities I have to solve this problem? I am certainly not the only one having to fight with unidirectional firewall rules. It could be a nice feature to tell the certmaster to get a CSR from a given hostname (minion) and sign it; as the connection would be issued by the certmaster to the minion, the connection would be allowed in our network and we would be able to sign the CSR.

Thanks a lot for your help and tips.

B

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
