Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
None
-
None
-
Puppet Enterprise 2017.3.1
-
Froyo
-
Needs Assessment
-
Normal
-
2 - 5-25% of Customers
-
3 - Serious
-
4 - $$$$$
-
-
33090
-
1
-
Bug Fix
-
Puppet Server's CA can now handle keys in the PKCS#8 format, which is required when running in FIPS mode.
-
Needs Assessment
Description
Important caveats for reproduction:
- Puppet server configured as intermediate CA to on-site root CA
- Using this module: https://github.com/dnase/autosign
- When piping a CSR into the script manually, everything works fine. Exit code 0
- Also tested autosign script using puppetserver jruby (/opt/puppetlabs/server/bin/puppetserver ruby)
- puppet.conf on the MoM is set with autosign = /etc/puppetlabs/puppet/autosign.rb
- pe-puppet owns autosign.rb, permissions are 700
Conditions:
- No errors show in the logs
- CSRs do not get autosigned
- `puppet cert sign` works fine, but signing certificates through the console does not work.
Attachments
Issue Links
- relates to
-
PUP-7877 Future Work for Intermediate CA Improvements
-
- Closed
-