[Puppet Enterprise - Bug #8421] (Accepted) Puppet Cert Revoke requires pe-http

Thu, 14 Jul 2011 11:56:54 -0700 

Issue #8421 has been reported by Nan Liu.

----------------------------------------
Bug #8421: Puppet Cert Revoke requires pe-http
https://projects.puppetlabs.com/issues/8421

Author: Nan Liu
Status: Accepted
Priority: Normal
Assignee: 
Category: 
Target version: 
Keywords: 
Branch: 
Affected PE version: 


puppet cert -r should trigger apache to reload certificate csr. If we don't 
restart pe-httpd it will still allow connectivity from the revoked cert. 

    [root@localhost ssl]# puppet agent --server=puppetmaster.localdomain -t
    info: Retrieving plugin
    info: Caching catalog for puppetagent.localdomain
    info: Applying configuration version '1310576987'
    notice: Finished catalog run in 0.04 seconds
    [root@localhost ssl]# service pe-httpd restart
    Stopping pe-httpd:                                         [  OK  ]
    Starting pe-httpd:                                         [  OK  ]
    [root@localhost ssl]# puppet agent --server=puppetmaster.localdomain -t
    info: Retrieving plugin
    err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional 
resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 
read finished A: sslv3 alert certificate revoked
    err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: SSL_connect 
returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked 
Could not retrieve file metadata for puppet://puppetmaster.localdomain/plugins: 
SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert 
certificate revoked
    err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run
    err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read 
finished A: sslv3 alert certificate revoked


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to