Issue #1168 has been updated by luke.
Status changed from Accepted to Ready for Checkin
Keywords set to certificate, naming
Fixed in [5f600dd] (in the tickets/0.24.x/1168 branch in my repo), but somewhat
hackishly. Here's the changelog:
Fixing #1168 (for 0.24.x) -- automatically downcasing the fqdn.
Also requiring that passed in certnames be downcased; the setting
system isn't currently flexible enough to automatically downcase
it for the user.
Basically, we can do validation of settings, but we can't manipulate them on
the way through.
I'm also going to check the 'master' branch and make sure a similar fix is
applied.
----------------------------------------
Bug #1168: Master-side client certificates convert hostnames to lowercase
http://reductivelabs.com/redmine/issues/show/1168
Author: mikebrittain
Status: Ready for Checkin
Priority: Normal
Assigned to: luke
Category: unknown
Target version: 0.24.5
Keywords: certificate, naming
Complexity: Trivial
Patch: None
Affected version:
I'm trying to use master-side certificate generation with hosts at Amazon's EC2
service. Internal hostnames there use mixed-case names:
<pre>
domU-12-31-12-34-56-78.compute-1.internal
</pre>
Note the "U" is upper-case.
I build a set of certificates for this client:
<pre>
puppetca --generate domU-12-31-12-34-56-78.compute-1.internal
</pre>
Resulting files are:
<pre>
./private_keys/domu-12-31-12-34-56-78.compute-1.internal.pem
./certs/domu-12-31-12-34-56-78.compute-1.internal.pem
./ca/signed/domu-12-31-12-34-56-78.compute-1.internal.pem
</pre>
Note all lower-case "u"s in "domu".
When I put these onto the puppet client, they are mis-matched between hostname
and filenames. The client (when started) ends up creating new keys with
mixed-case names next to the versions that were copied from the Puppet master
server:
<pre>
-rw------- 1 root root domU-12-31-12-34-56-78.compute-1.internal.pem
-r-------- 1 root root domu-12-31-12-34-56-78.compute-1.internal.pem
</pre>
It's very possible this is invalid. I don't know the specs surrounding
certificate generation.
----------------------------------------
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://reductivelabs.com/redmine/my/account
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
