Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2321

output of puppetserver ca generate when using --subject-alt-names

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: SERVER 6.15.3, SERVER 7.1.0
    • Component/s: None
    • Labels:
      None
    • Template:
      PUP Bug Template
    • Team:
      Froyo
    • Method Found:
      Manual Test
    • Release Notes:
      Not Needed
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 6.0.0
      Puppet Server Version: 2019.0.0.16
      OS Name/Version: Centos 7.2

      As a PE user, I execute "puppetserver ca generate --certname test.com --subject-alt-names test2.com" I get an error about signing the certificate (expected), however the error points me to a FOSS configuration file which doesn't exist in PE.

      Desired Behavior:

      The output should point me to ca.conf, not puppetserver.conf (doesn't exist in PE)

      A link to a doc on the allow-subject-alt-names setting would also be nice.

      Actual Behavior:

      Successfully submitted certificate request for test.com
      Error:
       When attempting to sign certificate request 'test.com', received
       code: 409
       body: CSR 'test.com' contains subject alternative names (DNS:pe-201813-master.puppetdebug.vlan, DNS:test2.com), which are disallowed. To allow subject alternative names, set allow-subject-alt-names to true in your puppetserver.conf file, restart the puppetserver, and try signing this certificate again.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              maggie Maggie Dreyer
              Reporter:
              erik.hansen Erik Hansen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support