On Tue, Apr 8, 2014 at 12:57 AM, Tom <t...@t0mb.net> wrote: > > In light of the recently publicised vulnerability in OpenSSL versions > provided on RHEL6/CentOS6 http://heartbleed.com/, do you have any > recommendations on a procedure to regenerate new master certificates and > then revoke, clean and re-sign all client SSL certificates? > > I think it'd be great in my organisation to have a bullet proof procedure > for the future, as well as getting around this currently problem. > > Thanks for any assistance. >
Puppet Labs had a CVE around a puppet master certificate issue. It only replaces the master cert, but from what I recall a module automates this step. You can see if the remediation tool kit is still suitable for this purpose: http://puppetlabs.com/security/cve/cve-2011-3872 http://puppetlabs.com/security/cve/cve-2011-3872/faq#q9 http://puppetlabs.com/security/cve/cve-2011-3872/faq#q11 Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACqVBqBqqpU5LKQGztVmzdEjcZBiaZ1B7Rjg8nPcm4AMuYi73g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
