Issue #4948 has been updated by Charlie Sharpsteen.

Keywords changed from CRL to CRL customer

----------------------------------------
Bug #4948: connecting from a client whose cert is revoked fails without indicating why
https://projects.puppetlabs.com/issues/4948#change-88751

* Author: eric sorenson
* Status: Accepted
* Priority: High
* Assignee: Charlie Sharpsteen
* Category: SSL
* Target version:
* Affected Puppet version: 0.25.0
* Keywords: CRL customer
* Branch:
----------------------------------------
had a confusing time tonight trying to debug some systems which were failing puppetd -tv -- the error output looked like:

<pre>
[root@it11p00me-acctsvc001 /var/lib/puppet]# puppetd -tv
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://puppet/plugins: certificate verify failed
info: Loading facts in locallinks
info: Loading facts in locallinks
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
</pre>

The cause was that the cert's serial number was in the CRL downloaded from the CA - probably due to a misunderstanding on my part of how exactly to issue new certificates to hosts whose private keys are lost due to re-imaging. But regardless it would be nice to emit some kind of informative error message if we find out the local certificate is in the CA's CRL.
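The check the report asks for, as an added example that is not part of the original report and is not Puppet's own code: given the local certificate, the CA certificate and the CRL, it says whether the certificate's serial is listed and produces a message more useful than "certificate verify failed". The names `revocation_message`, `issue_cert` and `sample_pki` are hypothetical, and the CA, agent certificate and CRL are constructed in memory as sample data.

```ruby
require 'openssl'

# Returns an explanatory message when +cert+ is listed in +crl+, otherwise nil.
# The CRL is trusted only if +ca_cert+ signed it and it names the cert's issuer.
def revocation_message(cert, crl, ca_cert)
  raise ArgumentError, 'CRL is not signed by the supplied CA' unless crl.verify(ca_cert.public_key)
  return nil unless crl.issuer.to_s == cert.issuer.to_s
  entry = crl.revoked.find { |r| r.serial == cert.serial }
  return nil unless entry
  format('certificate %s (serial 0x%X) is revoked in the CRL issued by %s (revoked at %s)',
         cert.subject, cert.serial.to_i, crl.issuer, entry.time.utc)
end

# Constructed sample data: issue a certificate signed by +signer_key+.
def issue_cert(subject, serial, pubkey, issuer, signer_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = OpenSSL::X509::Name.parse(issuer)
  cert.public_key = pubkey
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(signer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed sample data: a throwaway CA, one agent certificate (serial 7),
# and a CRL that lists +revoked_serials+.
def sample_pki(revoked_serials)
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue_cert('/CN=Sample CA', 1, ca_key.public_key, '/CN=Sample CA', ca_key)
  agent = issue_cert('/CN=agent.example.test', 7, OpenSSL::PKey::RSA.new(2048).public_key,
                     '/CN=Sample CA', ca_key)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca.subject
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600
  revoked_serials.each do |serial|
    revoked = OpenSSL::X509::Revoked.new
    revoked.serial = serial
    revoked.time = Time.now - 30
    crl.add_revoked(revoked)
  end
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  [agent, crl, ca]
end
```
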
