You want to autosign any new client certificates that are sent to the puppet master. Be sure to understand the lack of security this presents.
$ cat /etc/puppet/autosign.conf *
By adding a single * to the
autosign.conf file you tell the puppet
master to accept the first certificate it sees for each client host.
This allows machines to come up on build and immediately connect to
puppet and begin their configuration. If you rebuild a machine, or do
anything that triggers a change in the clients certificate, the puppet
master will not allow the new certificate to connect until the old one
has been removed.
To reiterate - having this option enabled may seem like a time saver but the risk is that any machine can connect without authorisation and request your manifests, which may contain privileged information such as passwords, certificates, shared keys etc.