For history, see:

http://groups.google.com/group/puppet-dev/browse_thread/thread/8f3a4edbbcd65d59

and probably http://projects.reductivelabs.com/issues/899 is the
same issue.

The problem here is that certificates for the puppetmaster (acting as
the CA) and the puppet client on the same machine have the same DN,
namely CN=<fqdn>. The fix is to simply change the DN of the CA:

--- /usr/lib/ruby/1.8/puppet/sslcertificates/ca.rb~     2008-07-08 
14:46:19.000000000 +0100
+++ /usr/lib/ruby/1.8/puppet/sslcertificates/ca.rb      2009-04-27 
15:55:54.000000000 +0100
@@ -161,6 +161,7 @@
         end
         cert = Certificate.new(
             :name => name,
+            :ou => "PuppetCA",
             :cert => @config[:cacert],
             :encrypt => @config[:capass],
             :key => @config[:cakey],
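
Review bot: the added `:ou => "PuppetCA"` argument in the Certificate.new call is a hard-coded literal, while the neighbouring arguments (:cert, :encrypt, :key) all come from @config; consider reading the OU from a setting with "PuppetCA" as the default so sites can choose the value. The line also changes the CA's subject DN without a comment or upgrade note, and certificates issued under the old CA name will have to be recreated, so it deserves a code comment and a release note saying the CA and client certificates must be regenerated.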

Whether the actual problem is in Apache or Puppet (i.e. should Apache
understand that different certificates can have the same CA or is Puppet
breaking the spec by doing it?), this patch makes it go away. Of course
all certificates will have to be recreated.

Matthew

-- 
I must take issue with the term "a mere child", for it has been my
invariable experience that the company of a mere child is infinitely
preferable to that of a mere adult.
                                           --  Fran Lebowitz
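
The DN collision described in the message above can be checked on an existing deployment. The following is an added example, not part of the original message or of Puppet's code: it builds a CA and a client certificate with Ruby's OpenSSL bindings and flags a leaf whose subject equals its issuer without being self-signed. The hostname, key sizes, lifetimes, the helper names `make_cert`, `dn_collision?` and `demo`, and the ordering of OU before CN in the DN are all assumptions.

```ruby
require "openssl"

# Build a certificate. Serial numbers and lifetimes are constructed sample values.
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  # A CA certificate is self-issued; a leaf takes the CA's subject as its issuer.
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# True when subject DN == issuer DN although the certificate is not signed by
# its own key: it only looks self-issued, so the issuer name is ambiguous.
def dn_collision?(cert)
  cert.subject.cmp(cert.issuer).zero? && !cert.verify(cert.public_key)
end

def demo(fqdn = "puppet.example.test") # constructed hostname
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)

  # Before the patch: CA and client on the same host both use CN=<fqdn>.
  old_ca = make_cert("/CN=#{fqdn}", ca_key, ca: true)
  old_leaf = make_cert("/CN=#{fqdn}", leaf_key, issuer_cert: old_ca, issuer_key: ca_key, serial: 2)

  # After the patch: the CA subject carries OU=PuppetCA (DN ordering assumed).
  new_ca = make_cert("/OU=PuppetCA/CN=#{fqdn}", ca_key, ca: true)
  new_leaf = make_cert("/CN=#{fqdn}", leaf_key, issuer_cert: new_ca, issuer_key: ca_key, serial: 2)

  { ca: dn_collision?(old_ca), before: dn_collision?(old_leaf), after: dn_collision?(new_leaf) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

To run the same check against a certificate on disk, load it with `OpenSSL::X509::Certificate.new(File.read(path))` and pass it to `dn_collision?`.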
