Re: [Puppet Users] header too long (OpenSSL::X509::CRLError) ?

Mon, 21 Feb 2011 09:21:48 -0800 

I have removed the ca_crl.pem puppet master has create a new one
but some hosts are not working now:

host1 OK :
# puppetd -tv
info: Caching catalog for host1.bc
info: Applying configuration version '1298308566'
notice: Finished catalog run in 0.06 seconds

host2:
# puppetd -tv
err: Could not retrieve catalog from remote server: hostname not match
with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run




2011/2/21 vincent <vinc...@louviaux.com>:
> Thanks
>
> I am trying this, do you know which index can use ?
>
> # openssl ca -gencrl -keyfile ca_key.pem -cert ca_crt.pem -out test
> Using configuration from /etc/pki/tls/openssl.cnf
> ../../CA/index.txt: No such file or directory
> unable to open '../../CA/index.txt'
> 4717:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:352:fopen('../../CA/index.txt','r')
> 4717:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
>
>
>
>
> 2011/2/21 Felix Frank <felix.fr...@alumni.tu-berlin.de>:
>>
>>
>> On 02/21/2011 06:00 PM, vincent wrote:
>>> the file ca_crl.pem was cleaned accidentally.
>>> How can I have an empty revocation list ?
>>
>> I'd assume puppet would create a new one for you.
>> I'm not sure what the puppet way to do this is.
>> Have a look at "puppet cert --help".
>>
>> Failing that, create a CRL using your CA and key as described in
>> http://gagravarr.org/writing/openssl-certs/ca.shtml#ca-revoke
>>
>> Yes, it's not quite trivial.
>>
>> HTH,
>> Felix
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to