Here is the set of steps I ultimately came up with when trying to set up Puppet 6 servers in AWS using an ACM private CA for the Root.
- Create Private CA in AWS Certificate Manager
  - Type: Root
  - Common Name: domain.int (whatever you want)
  - Key Algorithm: RSA 2048
  - provide S3 Bucket for storing CRL
- Generate Private Key and CSR for each Puppet Server’s Intermediate CA certificate:
  - configuration for openssl command (certreq.cnf):