Issue #6867 has been updated by Ken Barber.
Category set to installer
Affected PE version set to 1.0.0
(I created a dup before seeing this - doh! - let me copy my workaround detail
here as well)
So users may get this error after installation, when pointing a remote system
at the puppetmaster:
Certificate failure for localhost: Server name does not match certificate:
And when looking at the certificate using:
openssl x509 -in certificate.pem -noout -text
The aliases for the certificate do not match the server.
In the case where the alias is one of the items that you provided in the list
during installation of PE, the fault may be with the installer. In the
puppet-enterprise-installer script (line 1928) we are using this syntax to
generate the certificates:
run "/opt/puppet/bin/puppet cert --generate ${q_puppetmaster_certname?}
--certdnsnames '${q_puppetmaster_certname?}:puppet' --verbose --color=false || true"
However, this is not using the list we asked for earlier, i.e.
q_puppetmaster_certdnsnames?
So the line should be something like:
run "/opt/puppet/bin/puppet cert --generate ${q_puppetmaster_certname?}
--certdnsnames '${q_puppetmaster_certdnsnames?}:puppet' --verbose --color=false ||
true"
The workaround is to drop the certificates after creation:
rm -rf /etc/puppetlabs/puppet/ssl
And then regenerate manually with the above command:
/opt/puppet/bin/puppet cert --generate ${q_puppetmaster_certname?} --certdnsnames
'${q_puppetmaster_certdnsnames?}:puppet' --verbose --color=false
(replacing variables manually)
----------------------------------------
Bug #6867: The certdnsnames option is not used when generating certificates.
https://projects.puppetlabs.com/issues/6867
Author: Teyo Tyree
Status: Unreviewed
Priority: Normal
Assignee:
Category: installer
Target version:
Keywords: cerdnsnames
Branch:
Affected PE version: 1.0.0
The installer option q_puppetmaster_certdnsnames is not used to generate the
server certificate.
run "/opt/puppet/bin/puppet cert --generate ${q_puppetmaster_certname?}
--certdnsnames '${q_puppetmaster_certname?}:puppet' --verbose --color=false||
true"
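
Added example (not part of the original ticket and not code from the PE installer): a check that compares the colon-separated alias list given to --certdnsnames against the DNS aliases shown by "openssl x509 -noout -text", so a regenerated certificate can be verified before agents are pointed at it. The function names and sample hostnames are hypothetical, and only DNS entries under "X509v3 Subject Alternative Name" are examined.

```shell
# Added example: list expected DNS aliases that are absent from a certificate's
# subjectAltName, given the text printed by `openssl x509 -noout -text`.
# Usage: missing_names "a.example.com:puppet" "$(openssl x509 -in certificate.pem -noout -text)"

# san_names: read the openssl text dump on stdin, print one DNS alias per line.
san_names() {
    awk '
        /X509v3 Subject Alternative Name/ { grab = 1; next }
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                entry = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", entry)
                if (entry ~ /^DNS:/) { print substr(entry, 5) }
            }
            grab = 0
        }
    '
}

# missing_names WANTED CERT_TEXT
# WANTED is colon-separated, the same form that is passed to --certdnsnames.
# Prints each wanted name not present as a DNS alias; returns 1 if any is missing.
missing_names() {
    wanted=$1
    have=$(printf '%s\n' "$2" | san_names)
    status=0
    old_ifs=$IFS
    IFS=:
    for name in $wanted; do
        [ -n "$name" ] || continue
        if ! printf '%s\n' "$have" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
            status=1
        fi
    done
    IFS=$old_ifs
    return $status
}

# Constructed sample (hostnames are made up): the extension section of a
# certificate whose only aliases are the certname and "puppet".
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:master01.example.com, DNS:puppet
            X509v3 Basic Constraints: critical
                CA:FALSE'
```

An empty result with exit status 0 means every requested alias is in the certificate; any name printed is one that agents connecting by that name will fail to match.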