On Mon, Aug 15, 2011 at 2:10 PM, Sean Carolan <scaro...@gmail.com> wrote:
> We have an issue where sometimes servers get assigned serial number
> "0x0000" in the inventory.txt file. This causes major problems
> including SSL cert errors in the log file. Anyone know how to
> properly rebuild inventory.txt without tearing everything out and
> starting from scratch?
0x0000 is typically the CA cert, was the inventory.txt file blank when
this occurred? If you have all the certificates, you can use puppet
cert -pa and extract the serial number, date, and CN info. I'm not
sure if there's an automated way using openssl commands. This might be
reasonably close (output should be sorted by serial number):
require 'puppet'
require 'openssl'
Dir.glob("#{Puppet[:ssldir]}/ca/signed/*.pem") do |certfile|
cert = OpenSSL::X509::Certificate.new(File.read(certfile))
puts ("0x%04x" % cert.serial + "
#{cert.not_before.strftime('%Y-%m-%dT%H:%M:%SUTC')}
#{cert.not_after.strftime('%Y-%m-%dT%H:%M:%SUTC')} #{cert.subject}")
end
Thanks,
Nan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
