Fix command to generate Puppetserver CA certs for load balancer (#3398)

Co-authored-by: Avital Pinnick <[email protected]>

Author: Lennonka

guides/common/modules/proc_configuring-smart-proxy-server-with-custom-ssl-certificates-to-generate-and-sign-puppet-certificates.adoc

@@ -56,17 +56,31 @@ Retain a copy of the example `{foreman-installer}` command from the output for i
 --puppet-server true \
 --puppet-server-ca "true"
 ----
-. On {SmartProxyServer}, generate Puppet certificates for all other {SmartProxies} that you configure for load balancing, except this first system where you configure Puppet certificates signing:
+. On {SmartProxyServer} that is the Puppetserver Certificate Authority, stop the Puppet server:
 +
-[options="nowrap", subs="+quotes,attributes"]
+[options="nowrap", subs="+quotes,verbatim,attributes"]
+----
+# systemctl stop puppetserver
+----
+. Generate Puppet certificates for all other {SmartProxyServers} that you configure for load balancing, except the system where you first configured Puppet certificate signing:
++
+[options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
-# puppet cert generate _{smartproxy-example-com}_ \
---dns_alt_names=_{loadbalancer-example-com}_
+# puppetserver ca generate \
+--ca-client \
+--certname _{smartproxy-example-com}_ \
+--subject-alt-names _{loadbalancer-example-com}_
 ----
 +
-This command creates the following files on the Puppet certificate signing {SmartProxyServer} instance:
+This command creates the following files:
 +
-* `/etc/puppetlabs/puppet/ssl/certs/ca.pem`
-* `/etc/puppetlabs/puppet/ssl/certs/{smartproxy-example-com}.pem`
-* `/etc/puppetlabs/puppet/ssl/private_keys/{smartproxy-example-com}.pem`
-* `/etc/puppetlabs/puppet/ssl/public_keys/{smartproxy-example-com}.pem`
+* `/etc/puppetlabs/puppet/ssl/certs/_{smartproxy-example-com}_.pem`
+* `/etc/puppetlabs/puppet/ssl/private_keys/_{smartproxy-example-com}_.pem`
+* `/etc/puppetlabs/puppet/ssl/public_keys/_{smartproxy-example-com}_.pem`
+* `/etc/puppetlabs/puppetserver/ca/signed/_{smartproxy-example-com}_.pem`
+. Start the Puppet server:
++
+[options="nowrap", subs="+quotes,verbatim,attributes"]
+----
+# systemctl start puppetserver
+----

guides/common/modules/proc_configuring-smart-proxy-server-with-default-ssl-certificates-to-generate-and-sign-puppet-certificates.adoc

@@ -53,13 +53,13 @@ Retain a copy of the example `{foreman-installer}` command that is output by the
 --puppet-server true \
 --puppet-server-ca "true"
 ----
-. On {SmartProxyServer}, stop the Puppet server:
+. On {SmartProxyServer} that is the Puppetserver Certificate Authority, stop the Puppet server:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
-# puppet resource service puppetserver ensure=stopped
+# systemctl stop puppetserver
 ----
-. Generate Puppet certificates for all other {SmartProxyServers} that you configure for load balancing, except the first system where you configure Puppet certificates signing:
+. Generate Puppet certificates for all other {SmartProxyServers} that you configure for load balancing, except the system where you first configured Puppet certificate signing:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
@@ -69,15 +69,15 @@ Retain a copy of the example `{foreman-installer}` command that is output by the
 --subject-alt-names _{loadbalancer-example-com}_
 ----
 +
-This command creates the following files on the system where you configure {SmartProxyServer} to sign Puppet certificates:
+This command creates the following files:
 +
 * `/etc/puppetlabs/puppet/ssl/certs/_{smartproxy-example-com}_.pem`
-* `/etc/puppetlabs/puppet/ssl/certs/ca.pem`
 * `/etc/puppetlabs/puppet/ssl/private_keys/_{smartproxy-example-com}_.pem`
 * `/etc/puppetlabs/puppet/ssl/public_keys/_{smartproxy-example-com}_.pem`
-. Resume the Puppet server:
+* `/etc/puppetlabs/puppetserver/ca/signed/_{smartproxy-example-com}_.pem`
+. Start the Puppet server:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
-# puppet resource service puppetserver ensure=running
+# systemctl start puppetserver
 ----