Issue #7618 has been updated by John Morton.
On the 2.7.3 instance I have to hand, running that on the server just reveals the MD5 fingerprints of the client certificates. I'm after the fingerprint of the server's CA on both the server, and once it's sent to the client. It really wants to be a --ca option, as you need to be able to easily differentiate it from your client certs, and it really doesn't belong in the list of client certs in any case. ---------------------------------------- Feature #7618: ‘puppet cert’ should be able to return the fingerprint of the CA https://projects.puppetlabs.com/issues/7618 Author: John Morton Status: Needs More Information Priority: Normal Assignee: John Morton Category: SSL Target version: Affected Puppet version: Keywords: Branch: When setting up a new client, I like to be able to both confirm that fingerprint of the client certificate matches what the server sees, and that the fingerprint of the certificate authority public cert sent to the client matches the cert on the server. To do the latter, I have to reach for the openssl man page and do something like this: openssl x509 -noout -fingerprint -in /var/lib/puppet/ssl/ca/ca_crt.pem Obviously, the paths are different on the client and server sides, too. puppet's PKI handling is the best I've seen outside of SSH; I think this feature would smooth off one of the last rough edges. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
