Issue #2839 has been updated by Todd Zullinger.
FWIW, the spec file in conf/redhat includes puppetca in the client package as of 0.25.1rc1, since it has various uses on clients. ---------------------------------------- Feature #2839: print fingerprint for certificates http://projects.reductivelabs.com/issues/2839 Author: Peter Meier Status: Ready for Testing Priority: Normal Assigned to: Brice Figureau Category: SSL Target version: Rowlf Affected version: 0.25.1 Keywords: ssl, puppetca, fingerprints Branch: http://github.com/masterzen/puppet/tree/tickets/master/2395 It should be possible to print the fingerprint of a client certificate, as well puppetca should show fingerprints for signing requests. Like this you could completely avoid a possible man-in-the-middle from the very beginning on (during certification upload / signing process), as you can easily verify both fingerprints. Currently you could use @puppetca --print@ on the master to examine the certificate, however I don't know any easy command for that on the client, nor I was able to find one. And using @puppetca@ on the client somehow doesn't work. Hence the idea would be that you do a certificate request on the client, which would upload the cert to the master and print out the Fingerprint. It would also be nice if either @puppetca --print@ would work or if there is something like @puppetd --print-fingerprint@ On the master then puppetca --list should show besides the fqdn the fingerprint of the request. And you could easily compare them. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
