Ask Your Question

SHA256 Certs and older Solaris puppet clients

asked 2013-09-09 08:41:17 -0600

Simon gravatar image

I'm trying to deploy a newer puppet master (3.2.4) but am having problems with Solaris puppet clients. I think this is down to the fact that openssl on Solaris cannot cope with SHA256.

The Solaris client cert is generated as MD5. The new master see's the request and lists it as MD5, but when I sign the cert on the master it gets signed as SHA256. Then subsequent puppet runs on the client fail with:

err: /File[/var/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed

I will be de-commissioning the Solaris ... (more)

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2013-09-09 12:22:05 -0600

Stefan gravatar image

I am afraid this is not possible:

edit flag offensive delete link more


Many thanks for the info. I'll revert to 2.7.

Simon gravatar imageSimon ( 2013-09-10 03:14:17 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-09-09 08:41:17 -0600

Seen: 133 times

Last updated: Sep 09 '13