Your message dated Sun, 23 Feb 2014 18:34:34 -0600
with message-id <[email protected]>
and subject line Re: Bug#724674: ca-certificates: local certificates added are 
not trusted
has caused the Debian Bug report #724674,
regarding ca-certificates: local certificates added are not trusted
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
724674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724674
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20130119
Severity: important

Hello,

I noticed that my puppet agent fails to connect to puppet server due to
invalid certificate.

While it might be the job of puppet to maintain the certificates I went
ahead and added the puppet CA:

ln -sf /var/lib/puppet/ssl/certs/ca.pem
/usr/local/share/ca-certificates/puppet-ca.crt

tried to connect to puppet server:

openssl s_client -connect localhost:8140

....
   Verify return code: 19 (self signed certificate in certificate chain)

openssl s_client -connect localhost:8140 -CApath /etc/ssl/certs

....
   Verify return code: 0 (ok)

WTF?

Oh yeah, openssl does not verify hostname. It's *that* awesome.

Any idea how I can add local certificate so that it's actually used?

Thanks

Michal

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (990, 'stable'), (800, 'oldstable'), (500, 'testing'), (400, 
'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  openssl                1.0.1e-2

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Closing due to lack of response.

--
Michael

--- End Message ---

Reply via email to