PE Certificate Authority node group
This node group is used to manage the certificate authority (CA).
puppet_enterprise::profile::certificate_authority — manages
the certificate authority on the primary server
On a new install, the primary server is pinned to this node group.
Don't add additional nodes to this node group. To avoid issues, don't set the
client_allowlist parameter of the puppet_enterprise::profile::certificate_authority
class in this node group. Instead, to grant certificates access to the CA API
without listing individual certificate names, use the "pp_cli_auth": "true" certificate extension. For instructions, see
Puppet-specific registered IDs.
