The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #1573

`puppetca --clean' does not remove the host CSR

Added by Jos Backus over 5 years ago. Updated over 3 years ago.

Status: Accepted
Start date: 09/12/2008
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: SSL
Target version: -
Affected Puppet version: 0.25.0
Branch:
Keywords: puppetca


Description

After a `puppetca --clean ' (silly, I know) on the puppetmaster, the $libdir/puppet/ssl/csr_.pem file is left behind. The next puppetd invocation yields the following error:

    err: Could not request certificate: Certificate does not match private key.
    Try 'puppetca --clean ' on the server.

But that advice doesn’t fix the problem.

What does work is removing the $libdir/puppet/ssl/csr_.pem file after which the next puppetd invocation properly yields a new certificate.

To handle this case, should `puppetca --clean' not also remove the CSR file if present?

History

#1 Updated by James Turnbull over 5 years ago

  • Category set to SSL
  • Status changed from Unreviewed to Needs Decision
  • Assignee set to Luke Kanies

Luke – if you’re happy I can make this change.

#2 Updated by Luke Kanies over 5 years ago

  • Status changed from Needs Decision to Accepted
  • Assignee changed from Luke Kanies to James Turnbull

Yes, it should.

#3 Updated by James Turnbull over 5 years ago

  • Assignee changed from James Turnbull to Puppet Community
  • Affected Puppet version changed from 0.24.4 to 0.25.0

Moving this to 0.25. In the current SSL code this requires some re-work. In the new 0.25 branch it's already refactored.

#4 Updated by James Turnbull almost 5 years ago

  • Assignee deleted (Puppet Community)

#5 Updated by Markus Roberts over 4 years ago

  • Target version set to 0.25.3

#6 Updated by Markus Roberts over 4 years ago

  • Target version changed from 0.25.3 to 0.25.4

#7 Updated by James Turnbull over 4 years ago

  • Target version changed from 0.25.4 to 0.25.5

#8 Updated by Nicolas Valcarcel about 4 years ago

I’m trying to work on this as my first contribution to Puppet so I learn from the code and the community, since it seems simple enough. After diving into the code, I found that a line for removing the file from disk should be added in the self.destroy function at ssl/host.rb. The only issue I have in writing that line is how to get the path of the certificate. I found that maybe the inventory class can help, but I can’t find the inheritance path to use it from that function. Am I missing something?

#9 Updated by James Turnbull about 4 years ago

  • Target version changed from 0.25.5 to 49

#10 Updated by James Turnbull over 3 years ago

  • Target version deleted (49)
