
As an alternative to downgrading OpenSSL, there are a couple of mechanisms provided to re-enable MD5 as a digest algorithm for Puppet 2.7 certificates. Either of the following should work:

  • Set OPENSSL_ENABLE_MD5_VERIFY=1 in the Puppet master's environment or before running puppet cert.

  • Or, re-enable MD5 system-wide: echo 'LegacySigningMDs md5' >> /etc/pki/tls/legacy-settings

More info can be found in the Red Hat bug tracker entry for the OpenSSL change:

https://bugzilla.redhat.com/show_bug.cgi?id=1335914

Puppet 3.0 switched to using SHA256 as the certificate digest.
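
Before applying either workaround, it helps to know which certificates actually carry an MD5 signature. The script below is an added example, not part of the original answer: it walks a directory of PEM files and reports the signature algorithm of each certificate. The function names are hypothetical and the ssldir path is supplied by the operator.

```shell
#!/bin/sh
# Added example: report which PEM certificates under a directory are MD5-signed.

# Read `openssl x509 -noout -text` output on stdin and print the first
# "Signature Algorithm:" value (the one inside the signed certificate body).
sig_alg_from_text() {
    sed -n '/Signature Algorithm:/{s/^.*Signature Algorithm:[[:space:]]*//p;q;}'
}

# Succeed when the algorithm name denotes an MD5-based signature,
# e.g. md5WithRSAEncryption.
is_md5_sig() {
    case "$1" in
        md5*|MD5*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per certificate: status (MD5, OK or UNREADABLE),
# then the algorithm and the file path.
audit_ssldir() {
    find "$1" -type f -name '*.pem' | while IFS= read -r pem; do
        # Skip private keys, CSRs and CRLs that share the .pem suffix.
        grep -q 'BEGIN CERTIFICATE' "$pem" || continue
        alg=$(openssl x509 -in "$pem" -noout -text 2>/dev/null | sig_alg_from_text)
        if [ -z "$alg" ]; then
            echo "UNREADABLE - $pem"
        elif is_md5_sig "$alg"; then
            echo "MD5 $alg $pem"
        else
            echo "OK $alg $pem"
        fi
    done
}

# Usage: sh audit.sh /path/to/ssldir  (the path is supplied by the operator)
if [ "$#" -gt 0 ]; then
    audit_ssldir "$1"
fi
```

Certificates reported as MD5 are the ones affected by the OpenSSL change.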