Hi,

I have filled out the ticket, let me know if something is missing.

Regards,
JM

On Thu, Oct 4, 2012 at 1:07 AM, Eric Sorenson <[email protected]> wrote:

> Hi JM, this sounds like a real problem that was probably introduced with
> our code to start warning on certificates close to their expiration dates.
>
> (#7962)
>
> https://github.com/puppetlabs/puppet/commit/12d81c7ef97167f1831143ff0037ae9a3970960d
>
> I created a ticket for this issue:
> https://projects.puppetlabs.com/issues/16769
>
> Can you please update the ticket with more information about your
> environment?
>
> - what version of passenger?
> - what version of apache?
>
> Thanks!
>
> On Tuesday, October 2, 2012 7:07:32 AM UTC-7, A_SAAS wrote:
>>
>> Hi everyone,
>>
>> I am trying to set up puppet 3.0 with passenger since this morning, it is
>> really painful for me.
>>
>> I am using the directive:
>> SSLOptions +StdEnvVars +ExportCertData
>>
>> No problem, but when putting '+ExportCertData', I am unable to autosign
>> or revoke remotely any certificate. I have the following error:
>> info: Creating a new SSL key for linux-install.fqdn
>> err: Could not request certificate: Error 400 on SERVER: header too long
>> Exiting; failed to retrieve certificate and waitforcert is disabled
>>
>> When using only:
>> SSLOptions +StdEnvVars
>>
>> Everything works perfectly.
>>
>> So here is the apache configuration file:
>> --
>> # you probably want to tune these settings
>> PassengerMaxPoolSize 12
>> PassengerPoolIdleTime 1500
>> # PassengerMaxRequests 1000
>> PassengerStatThrottleRate 120
>> RackAutoDetect Off
>> RailsAutoDetect Off
>> PassengerHighPerformance on
>>
>> Listen 8140
>>
>> <VirtualHost *:8140>
>>     ServerName puppetmaster.fqdn
>>     ServerAlias puppetmaster
>>
>>     ErrorLog /var/log/apache2/puppetmaster_error.log
>>     LogLevel warn
>>     SetEnvIf Remote_Addr "::1" dontlog
>>     CustomLog /var/log/apache2/puppetmaster_access.log combined env=!dontlog
>>
>>     SSLEngine on
>>     SSLProtocol -ALL +SSLv3 +TLSv1
>>     SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>>
>>     SSLCertificateFile /data/local/puppet/ssl/certs/puppetmaster.fqdn.pem
>>     SSLCertificateKeyFile /data/local/puppet/ssl/private_keys/puppetmaster.fqdn.pem
>>     SSLCertificateChainFile /data/local/puppet/ssl/ca/ca_crt.pem
>>     SSLCACertificateFile /data/local/puppet/ssl/ca/ca_crt.pem
>>     # If Apache complains about invalid signatures on the CRL, you can try disabling
>>     # CRL checking by commenting the next line, but this is not recommended.
>>     SSLCARevocationFile /data/local/puppet/ssl/ca/ca_crl.pem
>>     SSLVerifyClient optional
>>     SSLVerifyDepth 1
>>     # The `ExportCertData` option is needed for agent certificate expiration warnings
>>     SSLOptions +StdEnvVars +ExportCertData
>>
>>     # This header needs to be set if using a loadbalancer or proxy
>>     # RequestHeader unset X-Forwarded-For
>>
>>     RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
>>     RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
>>     RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>>
>>     RackAutoDetect On
>>
>>     DocumentRoot /var/www/puppetmaster/public/
>>     RackBaseURI /
>>     <Directory /var/www/puppetmaster/>
>>         Options None
>>         AllowOverride None
>>         Order allow,deny
>>         allow from all
>>     </Directory>
>> </VirtualHost>
>> --
>>
>> So any clue?
>>
>> Regards,
>> JM
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/ap55DPU-uRsJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
