Ask Your Question
0

SHA256 Certs and older Solaris puppet clients

asked 2013-09-09 08:41:17 -0500

Simon gravatar image

I'm trying to deploy a newer puppet master (3.2.4) but am having problems with Solaris puppet clients. I think this is down to the fact that openssl on Solaris cannot cope with SHA256.

The Solaris client cert is generated as MD5. The new master see's the request and lists it as MD5, but when I sign the cert on the master it gets signed as SHA256. Then subsequent puppet runs on the client fail with:

err: /File[/var/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed

I will be de-commissioning the Solaris ... (more)

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2013-09-09 12:22:05 -0500

Stefan gravatar image

I am afraid this is not possible: http://projects.puppetlabs.com/issues/21257

edit flag offensive delete link more

Comments

Many thanks for the info. I'll revert to 2.7.

Simon gravatar imageSimon ( 2013-09-10 03:14:17 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2013-09-09 08:41:17 -0500

Seen: 80 times

Last updated: Sep 09 '13