  1. Puppet Server
  2. SERVER-2019

ssl-util can only load PKCS #1 formatted keys, not PKCS #8

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • SERVER 6.6.0
    • None
    • Puppet Enterprise 2017.3.1

    • Normal
    • 2 - 5-25% of Customers
    • 3 - Serious
    • 4 - $$$$$
    • The intermediate CA setup is difficult from the start, and then to run into autosigning not working, not great.

      The large users who want intermediate CAs are also quite likely to want autosigning. Many of them will have some sort of automated provisioning which needs this functionality.
    • 33090
    • 1
    • Bug Fix
    • Puppet Server's CA can now handle keys in the PKCS#8 format, which is required when running in FIPS mode.
    • Needs Assessment

    Description

      Important caveats for reproduction:

      • Puppet server configured as intermediate CA to on-site root CA
      • Using this module: https://github.com/dnase/autosign
      • When piping a CSR into the script manually, everything works fine. Exit code 0
      • Also tested autosign script using puppetserver jruby (/opt/puppetlabs/server/bin/puppetserver ruby)
      • puppet.conf on the MoM is set with autosign = /etc/puppetlabs/puppet/autosign.rb
      • pe-puppet owns autosign.rb, permissions are 700

      Conditions:

      • No errors show in the logs
      • CSRs do not get autosigned
      • `puppet cert sign` works fine, but signing certificates through the console does not work.
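
A quick way to tell which container a CA private key file actually uses, the PKCS #1 versus PKCS #8 distinction this ticket turns on. This is an added example, not code from Puppet Server or ssl-utils: it classifies by ASN.1 structure rather than by PEM label, all function names and sample keys are constructed for illustration, and legacy-encrypted PEM bodies (those with `Proc-Type` headers) are assumed not to be present.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_der(der):
    """Name the private-key container from its ASN.1 shape, not its PEM label."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    first, _, first_end = read_tlv(der, start)
    if first == 0x30:  # EncryptedPrivateKeyInfo starts with AlgorithmIdentifier
        return "pkcs8-encrypted"
    if first != 0x02:  # every unencrypted form starts with INTEGER version
        return "unknown"
    second, _, _ = read_tlv(der, first_end)
    # PKCS#8 PrivateKeyInfo: version, AlgorithmIdentifier SEQUENCE, OCTET STRING
    # PKCS#1 RSAPrivateKey:  version, modulus INTEGER, ...
    return {0x30: "pkcs8", 0x02: "pkcs1", 0x04: "sec1-ec"}.get(second, "unknown")

def classify_pem(text):
    """Return (pem_label, detected_format) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.groups()
    return label, classify_der(base64.b64decode(body))

# Constructed samples: minimal DER skeletons with the right shape, not real keys.
def seq(*parts):
    body = b"".join(parts)
    return bytes([0x30, len(body)]) + body
def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

VERSION0 = b"\x02\x01\x00"
RSA_ALG = seq(bytes.fromhex("06092a864886f70d010101"), b"\x05\x00")  # rsaEncryption, NULL
PKCS1_PEM = to_pem("RSA PRIVATE KEY", seq(VERSION0, b"\x02\x01\x01"))
PKCS8_PEM = to_pem("PRIVATE KEY", seq(VERSION0, RSA_ALG, b"\x04\x00"))
MISLABELLED_PEM = to_pem("RSA PRIVATE KEY", seq(VERSION0, RSA_ALG, b"\x04\x00"))
```

Calling `classify_pem` on the contents of a key file returns the PEM label alongside the detected format, so a file whose label and structure disagree stands out.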

            People

              justin Justin Stoller
              drew.nase Andrew Nase