Re: [Puppet Users] Emergency Certificate Revocation Procedure

Wed, 09 Apr 2014 05:50:29 -0700 

Hi Matthew,
Use your imagination. Puppet is not directly accessible to the internet, but there are puppet clients which are. Shared web servers, mail servers etc. I'm paid to be paranoid.. 

Thanks.  Tom.

On 08/04/14 20:43, Matthew Burgess wrote:



On 8 Apr 2014 09:29, "Tom" <t...@t0mb.net <mailto:t...@t0mb.net>> wrote:
>
> Hi,
>

> In light of the recently publicised vulnerability in OpenSSL 
versions provided on RHEL6/CentOS6 http://heartbleed.com/, do you have 
any recommendations on a procedure to regenerate new master 
certificates and then revoke, clean and re-sign all client SSL 
certificates?



Whilst I can't offer any direct answer to your question, and agree 
that it's a generally useful thing to have in the toolbox, I'm 
slightly inquisitive as to why you feel that action is necessary for 
this vulnerability. Is your Puppet Master accessible publically via 
the Internet and if so, why is that? If it isn't directly accessible 
via the Internet who/what is it that you think could have exploited 
the vulnerability?


Thanks,

Matt

--

You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
<mailto:puppet-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAKUTv3%2BNsfq3%2Batkib6WQ%3DaHNRtXPVbkZh7P6EDoktYD6%2B_HUQ%40mail.gmail.com 
<https://groups.google.com/d/msgid/puppet-users/CAKUTv3%2BNsfq3%2Batkib6WQ%3DaHNRtXPVbkZh7P6EDoktYD6%2B_HUQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5344F7EC.4040807%40t0mb.net.
For more options, visit https://groups.google.com/d/optout.






















					Reply via email to