Hi,

I am using puppet with an external PKI and I recently upgraded the configuration to use passenger instead of webrick. However, since I made that change, I discovered that the certificates I am using are not working anymore. Everything ran fine using webrick, but as the number of managed nodes increased I wanted to switch to a more reliable web server.

The problem is that passenger expects the node certificate to have a DN field such as "/CN= mynode.example.com". If you use a certificate such as "/CN= mynode.example.com/O=MyOrg/L=Anywhere", passenger extracts the CN using a regex which only looks for a "CN" pattern and outputs everything else. I think this is wrong, as the required info is the node's fqdn. I got it to work by changing the regex in the rack code, but I think passenger should either be modified to include a better regex or be able to retrieve other apache environment variables (see below).
In my opinion, instead of passing SSL_CLIENT_S_DN to the puppetmaster, we should use the SSL_CLIENT_S_DN_CN variable, which is extracted for us by apache. When trying to do this, puppetmaster receives a fqdn such as " invalid.example.com", which makes no sense.

Regards.

Nicolas B.
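The DN handling described in the message above, as an added example that is not part of the original post and is not Puppet's or Passenger's code. `NAIVE_CN` is a constructed pattern that reproduces the reported behaviour, and `strict_cn` is a hypothetical helper that assumes Apache's slash-separated DN form with no "/" inside attribute values.

```ruby
# Constructed pattern: finds "CN=" and keeps everything that follows it,
# so any attribute after the CN ends up in the extracted node name.
NAIVE_CN = /CN=(.*)/

# One DNS label: letters, digits, hyphens, not starting or ending with a hyphen.
LABEL = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i
# Whole-string hostname check, at most 253 characters.
HOSTNAME = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\z/i

def naive_cn(dn)
  m = NAIVE_CN.match(dn)
  m && m[1]
end

# Split "/K=V/K=V" into attributes and return the CN only when there is
# exactly one CN and its value is a plausible hostname. Returns nil otherwise,
# so the caller can refuse the request instead of guessing an identity.
def strict_cn(dn)
  return nil unless dn.is_a?(String) && dn.start_with?("/")

  attrs = dn.split("/").reject(&:empty?).map { |rdn| rdn.split("=", 2) }
  return nil if attrs.any? { |pair| pair.length != 2 }

  cns = attrs.select { |key, _| key.strip.upcase == "CN" }
             .map { |_, value| value.strip }
  return nil unless cns.length == 1

  HOSTNAME.match?(cns.first) ? cns.first.downcase : nil
end

# Constructed sample DN, using the values from the post.
if __FILE__ == $PROGRAM_NAME
  dn = "/CN=mynode.example.com/O=MyOrg/L=Anywhere"
  puts "naive:  #{naive_cn(dn).inspect}"
  puts "strict: #{strict_cn(dn).inspect}"
end
```

Rejecting a DN with zero or several CN attributes matters here because the extracted name is what the master uses to decide which node it is talking to.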
