Ask Your Question

Revision history [back]

It is not the time, it is the algorithm. After updating to CentOS 6.9 I'm unable to generate a puppet cert for the master to sign. I suspect it has something to do with the OpenSSL update and supported hashes. Have not found a solution or an answer.

It is not the time, it is the algorithm. After updating to CentOS 6.9 I'm unable to generate a puppet cert for the master to sign. I suspect it has something to do with the OpenSSL update and supported hashes. Have not found a solution or an answer.

UPDATE

Downgrading openssl is the only solution I have found so far.

  • wget a previous version from a CentOS mirror (openssl-1.0.1e-48 tested and worked)
  • yum downgrade openssl-1.0.1e-48.el6.x86_64.rpm
  • puppet agent -t (create the CSR)
  • sign on master
  • update openssl to latest version (naturally, for security)