On 8 Apr 2014 09:29, "Tom" <t...@t0mb.net> wrote: > > Hi, > > In light of the recently publicised vulnerability in OpenSSL versions provided on RHEL6/CentOS6 http://heartbleed.com/, do you have any recommendations on a procedure to regenerate new master certificates and then revoke, clean and re-sign all client SSL certificates?
Whilst I can't offer any direct answer to your question, and agree that it's a generally useful thing to have in the toolbox, I'm slightly inquisitive as to why you feel that action is necessary for this vulnerability. Is your Puppet Master accessible publically via the Internet and if so, why is that? If it isn't directly accessible via the Internet who/what is it that you think could have exploited the vulnerability? Thanks, Matt -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAKUTv3%2BNsfq3%2Batkib6WQ%3DaHNRtXPVbkZh7P6EDoktYD6%2B_HUQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
