How to add multiple DNS names to my puppetmaster?

Solution 1:

For the benefit of anyone else who stumbles upon this answer:

Due to CVE-2011-3872, Puppet no longer supports the certdnsnames option. From the documentation:

The certdnsnames setting is no longer functional, after CVE-2011-3872. We ignore the value completely. For your own certificate request you can set dns_alt_names in the configuration and it will apply locally. There is no configuration option to set DNS alt names, or any other subjectAltName value, for another node's certificate. Alternately you can use the --dns_alt_names command line option to set the labels added while generating your own CSR.

You can generate an SSL certificate for your server using subjectAlternativeName like this:

$ puppet cert generate <puppet master's certname> --dns_alt_names=<comma-separated list of DNS names>

Solution 2:

For Puppet 4+ use the following commands to change the accepted dns names for the puppetserver certificate:

Rename existing certificates to *.backup:

mv /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem{,.backup}
mv /etc/puppetlabs/puppet/ssl/ca/signed/$(hostname -f).pem{,.backup}
mv /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem{,.backup}

Generate a new certificate (add your desired alt names):

puppet cert generate $(hostname -f) --dns_alt_names=$(hostname -f),puppet

Restart puppetserver to use the new certificates:

service puppetserver restart
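
A check to run after regenerating the certificate, added here as an example and not part of either answer: it compares the DNS names in the certificate's subjectAltName with the list passed to --dns_alt_names and reports any that are missing or unexpected. The function names and the sample openssl output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): compare the DNS names in a
# certificate's subjectAltName with the list passed to --dns_alt_names.

# Constructed excerpt of `openssl x509 -noout -text` output, for offline use.
sample_cert_text() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:puppet, DNS:puppetmaster.example.com
            X509v3 Basic Constraints: critical
                CA:FALSE
EOF
}

# stdin: openssl text output; stdout: DNS SAN entries, one per line, sorted.
san_names() {
    awk 'f { print; f = 0 } /X509v3 Subject Alternative Name/ { f = 1 }' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        | sort -u
}

# $1: comma-separated expected names; stdin: openssl text output.
# Prints MISSING/UNEXPECTED lines and returns 1 on any mismatch.
check_sans() {
    expected=$(printf '%s\n' "$1" | tr ',' '\n' | sed '/^$/d' | sort -u)
    actual=$(san_names)
    report=$(
        printf '%s\n' "$expected" | while IFS= read -r n; do
            [ -z "$n" ] || printf '%s\n' "$actual" | grep -qxF -- "$n" \
                || echo "MISSING $n"
        done
        printf '%s\n' "$actual" | while IFS= read -r n; do
            [ -z "$n" ] || printf '%s\n' "$expected" | grep -qxF -- "$n" \
                || echo "UNEXPECTED $n"
        done
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; return 1; fi
}

# Wrapper for a real certificate file (requires openssl), e.g.:
#   check_cert_file /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
#       "$(hostname -f),puppet"
check_cert_file() {
    openssl x509 -in "$1" -noout -text | check_sans "$2"
}
```

An UNEXPECTED line means the certificate carries a name you did not ask for, which is worth investigating before agents are pointed at the server.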