So this is unrelated. Have you tried your fix against 2.6.0rc ? The name variable you modify does not change the ca cn field which is what I was speaking to.
Hence the ca_name configuration setting. On Monday, July 12, 2010, Trevor Vaughan <[email protected]> wrote: > You need to add something to the FQDN to make this work properly. > > So, it should be something like Puppet CA #{Facter["fqdn"]}_ca" > > Trevor > > On 7/8/10, Jeff McCune <[email protected]> wrote: >> On Wed, Jun 30, 2010 at 2:22 AM, Trevor Vaughan <[email protected]> >> wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Yes, that's why it was a retro fix. >> >> I've verified Trevor's account is the problem and the solution, at least to: >> >> http://projects.puppetlabs.com/issues/1525 and >> http://projects.puppetlabs.com/issues/3770 >> >> The current HEAD of master does not have this fix as the default, but >> we do have --ca_name as a configuration option. >> >> I propose we set the default value of the ca_name configuration >> parameter to be "Puppet CA #{Facter["fqdn"]}" >> >> By the way, the code Trevor mentioned doesn't appear to be valid for >> 2.6, I had to specifically configure ca_name to get the desired >> behavior, hacking the source[1] didn't have any effect. >> >> Spaces are fine in the CN field. >> >> [1] - >> http://github.com/reductivelabs/puppet/blob/master/lib/puppet/sslcertificates/ca.rb#L158 >> >> Cheers, >> -- >> Jeff McCune >> http://www.puppetlabs.com/ >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Developers" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/puppet-dev?hl=en. >> >> > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > [email protected] > > -- This account not approved for unencrypted proprietary information -- > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > > -- Jeff McCune http://www.puppetlabs.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
