Issue #899 has been updated by Luke Kanies.
It seems reasonable to sign the CRL with the server cert instead of the CA cert, but it does mean that each server will need to make its own CRL, which probably changes how things work just a bit. ---------------------------------------- Bug #899: CRL signature failure when using apache/mongrel http://projects.reductivelabs.com/issues/899 Author: Brendan Beveridge Status: Accepted Priority: Normal Assigned to: Category: mongrel Target version: Complexity: Unknown Patch: None Affected version: 0.24.8 Keywords: Following the guide on: http://reductivelabs.com/trac/puppet/wiki/UsingMongrel running: puppetd --test --server localhost gives me: err: Could not retrieve configuration: Certificates were not trusted: tlsv1 alert decrypt error in the apache balancer logs i get: [warn] Invalid signature on CRL [error] Certificate Verification: Error (8): CRL signature failure This is using the current versions: puppet: 0.23.2 apache: 2.2.6 mongrel: 1.1 config is per the urls details. If i comment out the revocation file all works fine. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
