ca_name default value is misleading and can cause problems.
|Status:||Needs More Information||Start date:||10/19/2011|
|Affected Puppet version:||Branch:|
The default value for the $ca_name configuration setting is somewhat misleading:
:ca_name => ["Puppet CA: $certname", "The name to use the Certificate Authority certificate."],
This makes it look like the certname is an important attribute when it isn’t, and it’s even more misleading when the certname is the fqdn.
This also means that the name doesn’t change when you start up an entire new CA on the same host, which can cause problems for clients who have the previous CA cached.
I suggest we incorporate a timestamp and clean up the string so it’s more accurate, like:
Puppet CA: Generated on $fqdn at $timestamp
Puppet CA: Generated on puppet.mydomain.coma at 2011-10-19
I don’t believe we need the timestamp to be finer grained than one day, but feedback welcome.
“Generated” may not be the most appropriate word here.