Getting burp to use the Puppet CA

I’m a big fan of BURP for maintaining my backups. This article explains how to reuse the PuppetMaster CA for authentication. I use the Debian burp package on Wheezy.

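First, you need to generate the Diffie-Hellman parameter file dhfile.pem on both the server and the agent:


# 2048-bit parameters: 1024-bit DH groups are no longer considered strong enough
openssl dhparam -outform PEM -out /etc/burp/dhfile.pem 2048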

The server

The configuration is in /etc/burp/burp-server.conf:


mode = server
(...)
# ca_conf = /etc/burp/CA.cnf
# ca_name = burpCA
# ca_server_name = burpserver
# ca_burp_ca = /usr/sbin/burp_ca
(...)
ssl_cert_ca = /var/lib/puppet/ssl/certs/ca.pem
ssl_cert = /var/lib/puppet/ssl/ca/signed/newpuppet.lebouder.net.pem
ssl_key = /var/lib/puppet/ssl/private_keys/newpuppet.lebouder.net.pem
ssl_key_password = password
ssl_dhfile = /etc/burp/dhfile.pem
(...)

The agent

The configuration file is /etc/burp/burp.conf:

mode = client
port = 4971
server = newpuppet.lebouder.net
ssl_cert_ca = /var/lib/puppet/ssl/certs/ca.pem
ssl_cert = /var/lib/puppet/ssl/certs/newclient.lebouder.net.pem
ssl_key = /var/lib/puppet/ssl/private_keys/newclient.lebouder.net.pem
ssl_peer_cn = newpuppet.lebouder.net
(...)

newpuppet.lebouder.net is the Puppet server.
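
Before restarting burp, it helps to confirm that the three ssl_* files in a config actually belong together. The script below is an added example, not part of the original post: check_burp_tls, make_demo_pki, the KEY_PASS variable and the name burpserver.example.test are made up for this sketch, and the demo PKI it can generate is constructed throwaway data.

```shell
#!/bin/sh
# Added example: pre-flight checks for ssl_cert_ca, ssl_cert and ssl_key.
# Function names and KEY_PASS are assumptions of this sketch, not burp options.

# check_burp_tls CA_FILE CERT_FILE KEY_FILE EXPECTED_CN
check_burp_tls() {
  ca=$1; cert=$2; key=$3; want_cn=$4
  # 1. ssl_cert must chain to ssl_cert_ca. Match on the "OK" text because
  #    older OpenSSL releases did not reliably signal failure in the exit status.
  openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
    { echo "FAIL: $cert is not signed by $ca" >&2; return 1; }
  # 2. ssl_key must be the private key that belongs to ssl_cert.
  #    KEY_PASS is only needed when the key is encrypted (ssl_key_password).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -passin "pass:${KEY_PASS:-}" -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: $key does not match $cert" >&2; return 1; }
  # 3. The subject CN must be the name the peer will insist on (ssl_peer_cn).
  cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
       sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
  [ "$cn" = "$want_cn" ] ||
    { echo "FAIL: CN is '$cn', expected '$want_cn'" >&2; return 1; }
  echo "OK: $cert (CN=$cn)"
}

# make_demo_pki DIR: constructed throwaway CA and server certificate, so the
# checks can be tried without touching /var/lib/puppet/ssl.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Puppet CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=burpserver.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null
}
```

On the agent from this article, the call would take /var/lib/puppet/ssl/certs/ca.pem, the newclient.lebouder.net certificate and key, and newclient.lebouder.net as the expected CN; on the server, the expected CN is the value the agents carry in ssl_peer_cn.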
