Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8563

The puppet agent should have a 'local' mode for CRL checking

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Duplicate
    • PUP 5.4.0
    • None
    • None
    • None
    • Hide

      Puppet Agent does not attempt to download a CRL and uses the designated local file. Agent fails if the local file is not present or is invalid/outdated.

      Show
      Puppet Agent does not attempt to download a CRL and uses the designated local file. Agent fails if the local file is not present or is invalid/outdated.
    • Coremunity
    • Customer Feedback
    • Needs Assessment

    Description

      According to the documentation at https://puppet.com/docs/puppet/5.4/configuration.html#certificaterevocation the certificate_revocation option, when set to anything but false will cause the client to try to download the CRL.

      If a user is using an external CA, then they should have the option to update the CRL file on the local system and set this to local so that the client can use the CRL placed using whatever method is deemed appropriate for the environment.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              peiriannydd Trevor Vaughan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support