DNS alt names are very convenient in larger Puppet infrastructures. They allow us to effectively nickname our servers individually, or as a group. A common DNS alt name might be puppet, so that you can use a load balancer to serve all of your individual Puppetservers.
In the following example, we're trying to connect to our Puppetserver using the name alt-name.puppet.net, which was never baked in to the certificate on the original signing of our Puppet server:
[root@wordpress puppet]# puppet agent -t --server=alt-name.puppet.netWarning: Unable to fetch my node definition, but the agent run will continue:Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [ok for /CN=pe-puppet-master]Info: Retrieving ...