getting burp to use puppet CA

I’m a big fan of BURP to maintain my backup. This article explains how to reuse the PuppetMaster CA for authentification. I use Debian burp package on Wheezy.

First, you need to generate the dhfile.pem on both the server and the agent:

openssl dhparam -outform PEM -out /etc/burp/dhfile.pem 1024

The server

The configuration is in /etc/burp/burp-server.conf:

mode = server
# ca_conf = /etc/burp/CA.cnf
# ca_name = burpCA
# ca_server_name = burpserver
# ca_burp_ca = /usr/sbin/burp_ca
ssl_cert_ca = /var/lib/puppet/ssl/certs/ca.pem
ssl_cert = /var/lib/puppet/ssl/ca/signed/
ssl_key = /var/lib/puppet/ssl/private_keys/
ssl_key_password = password
ssl_dhfile = /etc/burp/dhfile.pem

The agent

The configuration file is /etc/burp/burp.conf:

mode = client
port = 4971
server =
ssl_cert_ca = /var/lib/puppet/ssl/certs/ca.pem
ssl_cert = /var/lib/puppet/ssl/certs/
ssl_key = /var/lib/puppet/ssl/private_keys/
ssl_peer_cn =
(...) is the Puppet server.

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s