[SERVER-2321] output of puppetserver ca generate when using --subject-alt-names - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Done
Affects Version/s: None
Fix Version/s: SERVER 6.15.3, SERVER 7.1.0
Component/s: None
Labels:
None

Epic Link:
Server CA CLI v2
Team:
Froyo
Method Found:
Manual Test

Release Notes:
Not Needed

QA Risk Assessment:
Needs Assessment

Description

Puppet Version: 6.0.0
Puppet Server Version: 2019.0.0.16
OS Name/Version: Centos 7.2

As a PE user, I execute "puppetserver ca generate --certname test.com --subject-alt-names test2.com" I get an error about signing the certificate (expected), however the error points me to a FOSS configuration file which doesn't exist in PE.

Desired Behavior:

The output should point me to ca.conf, not puppetserver.conf (doesn't exist in PE)

A link to a doc on the allow-subject-alt-names setting would also be nice.

Actual Behavior:

Successfully submitted certificate request for test.com

Error:

 When attempting to sign certificate request 'test.com', received

 code: 409

 body: CSR 'test.com' contains subject alternative names (DNS:pe-201813-master.puppetdebug.vlan, DNS:test2.com), which are disallowed. To allow subject alternative names, set allow-subject-alt-names to true in your puppetserver.conf file, restart the puppetserver, and try signing this certificate again.

Attachments

Issue Links

relates to

SERVER-2327 Start shipping a ca.conf file in FOSS

Closed

Activity

People

Assignee:: Maggie Dreyer

Reporter:: Erik Hansen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2018/09/19 11:55 AM

Updated:: 2021/04/09 2:21 PM

Resolved:: 2021/03/10 3:17 PM