> > This was done because of #6663 security concerns, I think you can > modify the puppet keylength settings when generating keys. > > > Hi Nan, I was just highlighting the limitation of the F5 LTM in versions prior to 10.2 since the issue is annoying hard to troubleshoot and was the source of my frustration. Part of the reason it was frustrating is that it allows you to upload certs that are greater than 2048 without error. This caveat with the SSL certs and the F5 LTM probably should be put up on the F5 load balance page in case someone else runs into the issue. I would not mind creating an example f5 configuration utilizing the puppetlabs-f5 module.
The other apache changes are required to make it work correctly though, especially changing the REMOTE_ADDR environmental variable, I was not able to find an alternative and this was the quickest solution to the problem because the puppet master is verifying the CN of the cert against the IP of the client, which on the F5 is the F5 IP. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/sQBuOeghrfYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
