author: ajax <ajax@980ebf18-57e1-0310-9a29-db15c13687c0> 2006-09-25 20:10:38 +0000
committer: ajax <ajax@980ebf18-57e1-0310-9a29-db15c13687c0> 2006-09-25 20:10:38 +0000
commit: d888d9ed79d7315e9aa013a5835d616101be1119
tree: d7b8a8146a22779a3693dc3154abe68e0e7f9266
parent: ab225aad435c8780fd5ba3bd91ac226b4bc05baf
Added some documentation to the security page to offer some example invocations useful for generating/signing certificates for clients and servers.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1690 980ebf18-57e1-0310-9a29-db15c13687c0
-rw-r--r-- documentation/documentation/security.page 22
1 files changed, 22 insertions, 0 deletions
diff --git a/documentation/documentation/security.page b/documentation/documentation/security.page
index 389bd8243..e3680686d 100644
--- a/documentation/documentation/security.page
+++ b/documentation/documentation/security.page
@@ -73,4 +73,26 @@ authentication already provides significant security.
Recommendations on approaches are heartily recommended.
+# Examples
+
+To introduce a client machine to the puppet server, first run puppetd on
+the client with the `waitforcert` parameter:
+
+ $ puppetd --waitforcert 30 --server puppetserver.domain.net -v
+
+The client will request a certificate from the certificate authority
+facility on the server called `puppetserver.domain.net`.
+
+Assuming that the machine `puppetserver` is not set to autosign any new
+certificate requests (this is the default), you'll need to list the certificate
+requests from the command line on the server with an invocation like this:
+
+ $ puppetca --list
+
+You'll then be able to pick out the request by name (quite possibly, it will be the
+only request waiting) and instruct the certificate authority to sign the request:
+
+ $ puppetca --sign puppetclient-37.domain.net
+
+
*$Id$*
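Review bot: The signing step at the end of the new Examples section (`puppetca --sign puppetclient-37.domain.net`) tells the administrator to pick the request out by name, and the aside "quite possibly, it will be the only request waiting" reads as permission to sign whatever is in the queue. The text gives no way to confirm that a listed name belongs to the machine that was just introduced; since this is the security page, add a sentence saying to check that the request shown by `puppetca --list` is the one expected from that client before signing it. Two smaller documentation points: the name `puppetclient-37.domain.net` first appears in the sign command and is never tied to the client that ran `puppetd`, and the `30` passed to `--waitforcert` is left unexplained (its units, and whether it is a timeout or a retry interval).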