One of our requirements is to replace all certs with custom certificates, which includes server certificates, client certificates and the Puppet CA, with our own CA. We started the process by replacing the certificates on an already installed instance; this works well for server certificates but failed when we also replaced the Puppet CA with our own CA. The second attempt was to do that during the initial installation itself. Again we used multiple options which disable using the Puppet CA and use our own CA and other server certificates, and it failed. We are able to troubleshoot and move forward one step at a time, and at this time we decided also to reach out to the community for help because, as per our research, not many online forums talk about this process.
What we are really looking for is to understand the requirements/installer options that we have to do to complete this setup.
We are currently running everything on the same instance, i.e. Foreman, proxies, Puppet master etc., and will continue to run on the same instance.
We are using Vault as a certificate provider including server, CA, and intermediate CA.
As an end result, we want to replace all the certificates, including the Puppet CA and server certificates, with our custom Vault-supplied certificates, or with custom certificates in general.
If any additional information is required, I am happy to provide it.