err: Could not request certificate: Error 400 on SERVER: unknown message digest algorithm

asked 2017-11-01 04:00:28 -0600

vinotv

Recently I wrongly removed the client (Amazon Linux) certificate on the puppet master. To recreate it, I deleted the /var/lib/puppet/ssl directory and then ran the command # puppet agent -t on the client, and got the error below. The same method of regenerating the puppet certificate worked fine on Red Hat Linux servers.

Puppet Client:

    [root@proxy-AZa ~]# cd /var/lib/puppet/ssl/
    [root@proxy-AZa ssl]# ls -lrt
    total 24
    drwxr-x--- 2 puppet root   4096 Oct 30 17:32 private
    drwxr-x--- 2 puppet root   4096 Oct 30 17:32 privatekeys
    drwxr-xr-x 2 puppet root   4096 Oct 30 17:32 publickeys
    drwxr-xr-x 2 puppet root   4096 Oct 30 17:32 certs
    drwxr-xr-x 2 puppet root   4096 Oct 31 06:52 certificate_requests
    drwxrwx--- 5 puppet puppet 4096 Oct 31 09:30 ca
    [root@proxy-AZa ssl]# rm -rf *
    [root@proxy-AZa ssl]# puppet agent -t
    info: Creating a new SSL key for proxy-aza.ad2015sit
    info: Caching certificate for ca
    info: Creating a new SSL certificate request for proxy-aza.ad2015sit
    info: Certificate Request fingerprint (md5): F4:45:68:AA:A8:48:5D:6D:D6:B2:62:11:70:5C:D3:AD
    err: Could not request certificate: Error 400 on SERVER: unknown message digest algorithm
    Exiting; failed to retrieve certificate and waitforcert is disabled

Puppet Master

    [root@puppet tmp]# puppet cert list
      "c2c-cgs-1b-197.eu-west-1.compute.internal" (SHA256) 9E:5C:51:B9:65:F5:02:96:D0:B1:84:52:95:6B:49:80:C9:3A:17:20:80:1E:31:FA:D7:80:6B:41:D1:C2:7A:6D
      "proxy-aza.ad2015sit" (MD5) 9E:90:70:C9:91:F8:80:2A:FE:C2:C5:71:FD:A7:F2:73
      "proxy-aza" (MD5) 6C:9D:77:3C:C0:5D:08:26:A8:3F:3E:3D:C6:DA:CF:49
      "win-0ev7r2vfdqc" (SHA256) 78:FA:FB:8F:07:1D:01:FA:CF:F0:29:EB:9F:94:B9:2A:23:31:F9:91:E4:29:6F:58:07:82:94:42:36:73:C6:B3
      "win-4fucdt6gaiv" (SHA256) B2:92:F8:81:5D:78:AB:1A:77:6A:46:AD:9A:AE:7E:3A:0B:2C:8E:9A:4F:9D:18:1D:99:10:2D:D5:18:2B:F6:10
      "win-nr2kko32ipn" (SHA256) F8:4B:48:31:03:D7:B9:F4:20:4C:DC:A6:25:E5:67:17:B0:6E:13:53:32:FA:94:A4:8C:E6:57:6B:D5:BA:55:FB
      "win-qv88oi3kji6" (SHA256) CF:45:DB:A2:E4:F8:57:85:B7:E6:25:CD:82:E0:32:8D:EE:83:12:FC:CA:E6:00:8D:83:63:54:F1:74:72:85:CA
      "win-sct3th2f3s7" (SHA256) 01:2F:4A:05:F2:06:8E:80:47:D5:8F:6E:A9:4E:9C:42:90:58:8D:8D:AE:75:B5:45:E9:78:FA:B5:B6:9E:BE:D1
    You have new mail in /var/spool/mail/root
    [root@puppet tmp]# puppet cert sign "proxy-aza.ad2015sit"
    Error: unknown message digest algorithm

The certificates are generated with MD5 and not in SHA256 format. The problem exists only on ... (more)


Comments

Also, we have a few other Amazon Linux servers running that are already signed in SHA256 format. When I regenerate this one, we run into this issue.

vinotv ( 2017-11-01 04:02:02 -0600 )