Issue #7333 has been updated by Ken Barber. Status changed from Unreviewed to Duplicate
Duplicate of #6867 ---------------------------------------- Bug #7333: certdnsnames are not being used correctly during puppetmasterd cert generation https://projects.puppetlabs.com/issues/7333 Author: Ken Barber Status: Duplicate Priority: Normal Assignee: Category: installer Target version: Keywords: ssl Branch: Affected PE version: 1.0.0 So users may get this error after installation, when pointing a remote system at the puppetmaster: ertificate failure for localhost: Server name does not match certificate: And when looking at the certificate using: openssl x509 -in certificate.pem -noout -text The aliases for the certificate do not match the server. In the case where the alias is one of the items that you provided in the list during installation of PE, the fault may be with the installer. In the puppet-enterprise-installer script (line 1928) we are using this syntax to generate the certificates: run "/opt/puppet/bin/puppet cert --generate ${q_puppetmaster_certname?} --certdnsnames '${q_puppetmaster_certname?}:puppet' --verbose --color=false || true However, this is not using the list we ask earlier ie. q_puppetmaster_certdnsnames? So the line should be something like: run "/opt/puppet/bin/puppet cert --generate ${q_puppetmaster_certname?} --certdnsnames '${q_puppetmaster_certdnsnames?}:puppet' --verbose --color=false || true The workaround is to drop the certificates after creation: rm -rf /etc/puppetlabs/puppet/ssl And then regenerate manually with the above command: /opt/puppet/bin/puppet cert --generate ${q_puppetmaster_certname?} --certdnsnames '${q_puppetmaster_certdnsnames?}:puppet' --verbose --color=false (replacing variables manually) -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
