SHA256 Certs and older Solaris puppet clients
I'm trying to deploy a newer puppet master (3.2.4) but am having problems with Solaris puppet clients. I think this is down to the fact that openssl on Solaris cannot cope with SHA256.
The Solaris client cert is generated as MD5. The new master see's the request and lists it as MD5, but when I sign the cert on the master it gets signed as SHA256. Then subsequent puppet runs on the client fail with:
err: /File[/var/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
I will be de-commissioning the Solaris ... (more)