A note and a complaint. Being a lazy sysadmin, I configured my ca_ttl to 25y. I assumed (poorly) that the ca would be created with the 25 year life span, and then certs would be created and use the end date of the root cert. This is not correct. Somehow a root CA can create certificates that extend beyond it's expiration.
On 32-bit servers 25Y is beyond the end of the world. In puppet, this results in the generic message: err: Could not request certificate: time out of range Figured I would post it to help any other lazy saps who still have to support 32-bit. Enjoy! Jordan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
