Issue #2890 has been updated by Markus Roberts. Assigned to changed from Markus Roberts to Dan Bode Priority changed from Low to Normal
---------------------------------------- Bug #2890: Puppetd: signed certificate retrieval "Retrieved certificate does not match private key" http://projects.reductivelabs.com/issues/2890 Author: Silviu Paragina Status: Ready for Testing Priority: Normal Assigned to: Dan Bode Category: SSL Target version: 0.25.2 Affected version: 0.25.1 Keywords: Branch: http://github.com/MarkusQ/puppet/tree/ticket/0.25.x/2890 Install a new client let's call it client1 Steps: 1. run puppetd --test on client 2. run puppetca --sign client1 on server 3. run rm -rf /var/lib/puppet/ssl on the client (equivalent with reinstalling the os on the client) 4. run puppetd --test on the client Now you will get as expected the "Retrieved certificate does not match private key" error. But the certificate the server gave is stored in /var/lib/puppet/ssl/certs and puppetd will try to use it on future runs To prove that do this 2 final steps 5. run puppetca --clean client1 6. puppetd --test if you analyze this run you will notice that the client does not even contact the server, it just loads the local certificates and bails out because the private/public key pair doesn't match. Workaround: delete /var/lib/puppet/ssl/cers/client1.pem from the client (or the equivalent file) I think the client shouldn't store the certificate received from the server unless it matches. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
