Certificates installed
During installation, the software generates and installs a number of SSL certificates so that agents and services can authenticate themselves.
These certs can be found at /etc/puppetlabs/puppet/ssl/certs.
A certificate with the same name as the agent that runs on the primary server is generated during installation. This certificate is used by PuppetDB and the console.
Services that run on the primary server — for example, pe-orchestration-services
and pe-console-services — use the agent certificate to
authenticate.
The certificate authority, if active, stores its certificate information at
/etc/puppetlabs/puppetserver/ca. You can learn more about the
certificate authority service on the PE software architecture
page.
