
As an alternative to downgrading OpenSSL, there are a couple of mechanisms provided to re-enable MD5 as a digest algorithm for Puppet 2.7 certificates. Either of the following should work:

  • Set OPENSSL_ENABLE_MD5_VERIFY=1 in the Puppet master's environment or before running puppet cert.

  • Or, re-enable MD5 system-wide: echo 'LegacySigningMDs md5' >> /etc/pki/tls/legacy-settings

More info can be found in the Red Hat bug tracker entry for the OpenSSL change:

Puppet 3.0 switched to using SHA256 as the certificate digest.
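To see which certificates still depend on the MD5 workaround, the outer signatureAlgorithm of each certificate can be read directly from its DER encoding. The following is an added example, not part of the original answer or of Puppet: the function names and the two sample certificates are constructed for illustration, and the samples are certificate-shaped structures with a dummy signature rather than real Puppet certificates.

```python
import base64

# DER content bytes of two PKCS #1 signature OIDs (1.2.840.113549.1.1.4 / .11).
MD5_RSA = bytes.fromhex("2a864886f70d010104")
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")
SIG_OIDS = {MD5_RSA: "md5WithRSAEncryption", SHA256_RSA: "sha256WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_algorithm(pem):
    """Name the outer signatureAlgorithm of the first PEM certificate in pem."""
    body = pem.split("-----BEGIN CERTIFICATE-----")[1].split("-----END")[0]
    der = base64.b64decode("".join(body.split()))
    tag, start, _ = read_tlv(der, 0)            # Certificate ::= SEQUENCE
    _, _, tbs_end = read_tlv(der, start)        # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)    # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509 certificate")
    oid = der[oid_start:oid_end]
    return SIG_OIDS.get(oid, "unknown OID " + oid.hex())

def md5_signed(pems):  # {name: PEM text} -> sorted names of MD5-signed certs
    return sorted(name for name, pem in pems.items()
                  if signature_algorithm(pem) == "md5WithRSAEncryption")

def tlv(tag, value):  # minimal DER encoder, used only to build the samples
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    n = (len(value).bit_length() + 7) // 8
    return bytes([tag, 0x80 | n]) + len(value).to_bytes(n, "big") + value

def sample_pem(oid):  # constructed, certificate-shaped PEM with a dummy signature
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg)
    der = tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xaa" * 128))
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

SAMPLES = {"old-agent.pem": sample_pem(MD5_RSA), "new-agent.pem": sample_pem(SHA256_RSA)}
print(md5_signed(SAMPLES))
```

On a real master, pass `md5_signed` a dictionary built from the PEM files in the CA's certificate directory; the names it returns are the certificates to reissue under a SHA256-signing CA.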