Following the Heartbleed bug and as all Debian
stable (wheezy for the time being) are affected and as the puppetmaster
is running on debian it is a good idea
to regenerate the puppet certificates, here is a quick how-to when using
puppet with passenger on debian wheezy.
Please refer to the
Now a new CA has been created in /var/lib/puppet/ssl, and a cert for the
master has been generated and signed, and all the existing agent
certificates are now unknown to the CA.
The puppetdb certificates should also be updated.
Launch the agent on the master to check that everything is OK.
Stop the agent if it is running and clean the SSL dir.
Launch the agent to generate a cert and wait for the cert to be signed.