-
Type:
Bug
-
Status: Resolved
-
Priority:
Normal
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: SERVER 6.6.0
-
Component/s: None
-
Labels:
-
Environment:
Puppet Enterprise 2017.3.1
-
Template:customfield_10700 219518
-
Epic Link:
-
Team:Froyo
-
Method Found:Needs Assessment
-
CS Priority:Normal
-
CS Frequency:2 - 5-25% of Customers
-
CS Severity:3 - Serious
-
CS Business Value:4 - $$$$$
-
CS Impact:
-
Zendesk Ticket IDs:33090
-
Zendesk Ticket Count:1
-
Release Notes:Bug Fix
-
Release Notes Summary:Puppet Server's CA can now handle keys in the PKCS#8 format, which is required when running in FIPS mode.
-
QA Risk Assessment:Needs Assessment
Important caveats for reproduction:
- Puppet server configured as intermediate CA to on-site root CA
- Using this module: https://github.com/dnase/autosign
- When piping a CSR into the script manually, everything works fine. Exit code 0
- Also tested autosign script using puppetserver jruby (/opt/puppetlabs/server/bin/puppetserver ruby)
- puppet.conf on the MoM is set with autosign = /etc/puppetlabs/puppet/autosign.rb
- pe-puppet owns autosign.rb, permissions are 700
Conditions:
- No errors show in the logs
- CSRs do not get autosigned
- `puppet cert sign` works fine, but signing certificates through the console does not work.
- relates to
-
PUP-7877 Future Work for Intermediate CA Improvements
-
- Closed
-