On Tue, Jun 29, 2010 at 6:02 PM, Trevor Vaughan <[email protected]> wrote:
> Apache tries to validate the sig on the CRL and, of course, picks up the
> items by a hash of the DN, just like most OpenSSL apps (OpenLDAP, etc...).
>
> So, by changing the name in the case of the CA, the DN then hashes to a
> different value and you no longer have a conflict with the proper
> puppetmaster/client cert on the system.

I understand. So it's not that the CA cert being a hostname is the issue, it's the CA cert DN being identical to some other certificate's DN that's the issue you've solved.

Thanks, this helps tremendously.

-- 
Jeff McCune
http://www.puppetlabs.com/
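
The DN-hash conflict discussed in this thread can be reproduced with the `openssl` command line. This is an added example, not part of the original messages: the host name, the CA name and the helper functions are constructed for illustration, and a small loop stands in for `c_rehash`.

```shell
#!/bin/sh
# Added demo; every name below is a constructed sample value.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a throwaway self-signed cert whose subject DN is /CN=$3.
# Only the subject DN feeds the hash, so self-signing is enough here.
make_cert() {   # $1 = output dir, $2 = file stem, $3 = CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Minimal c_rehash: link each cert as <subject_hash>.<n>, n = first free slot.
rehash() {      # $1 = dir
  for pem in "$1"/*.pem; do
    h=$(openssl x509 -in "$pem" -noout -subject_hash)
    n=0
    while [ -e "$1/$h.$n" ]; do n=$((n + 1)); done
    ln -s "$(basename "$pem")" "$1/$h.$n"
  done
}

# Number of distinct hash values present in a rehashed dir.
distinct_hashes() {   # $1 = dir
  ls "$1" | grep -E '^[0-9a-f]{8}\.[0-9]+$' | cut -d. -f1 | sort -u | wc -l | tr -d ' '
}

# Build a dir holding a CA cert (CN=$2) and a host cert (CN=$3), rehash it,
# and print how many distinct lookup hashes the two certs occupy.
scenario() {    # $1 = label, $2 = CA CN, $3 = host CN
  d="$WORK/$1"
  mkdir -p "$d"
  make_cert "$d" ca "$2"
  make_cert "$d" host "$3"
  rehash "$d"
  distinct_hashes "$d"
}

# Same DN: both certs land on one hash (<hash>.0 and <hash>.1), so a lookup
# by DN hash has two candidates. Distinct CA name: each cert gets its own hash.
echo "CA named like the host: $(scenario same puppet.example.com puppet.example.com) distinct hash(es)"
echo "CA given its own name:  $(scenario split 'Puppet CA: puppet.example.com' puppet.example.com) distinct hash(es)"
```
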
