From d888d9ed79d7315e9aa013a5835d616101be1119 Mon Sep 17 00:00:00 2001
From: ajax <ajax@980ebf18-57e1-0310-9a29-db15c13687c0>
Date: Mon, 25 Sep 2006 20:10:38 +0000
Subject: Added some documentation to the security page to offer some example
 invocations useful for generating/signing certificates for clients and
 servers.

git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1690 980ebf18-57e1-0310-9a29-db15c13687c0
---
 documentation/documentation/security.page | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/documentation/documentation/security.page b/documentation/documentation/security.page
index 389bd8243..e3680686d 100644
--- a/documentation/documentation/security.page
+++ b/documentation/documentation/security.page
@@ -73,4 +73,26 @@ authentication already provides significant security.
 
 Recommendations on approaches are heartily recommended.
 
+# Examples
+
+To introduce a client machine to the puppet server, first run puppetd on
+the client with the `waitforcert` parameter:
+
+    $ puppetd --waitforcert 30 --server puppetserver.domain.net -v
+
+The client will request a certificate from the certificate authority
+facility on the server called `puppetserver.domain.net`.
+
+Assuming that the machine `puppetserver` is not set to autosign any new
+certificate requests (this is the default), you'll need to list the certificate
+requests from the command line on the server with an invocation like this:
+
+    $ puppetca --list
+
+You'll then be able to pick out the request by name (quite possibly, it will be the
+only request waiting) and instruct the certificate authority to sign the request:
+
+    $ puppetca --sign puppetclient-37.domain.net
+
+
 *$Id$*
-- 
cgit