Could not request certificate: Unsupported digest algorithm (SHA256) on Solaris 10 Client

[bjoern pohl]

Hi,

i'm currently having an issue with a puppet3.7.3/solaris 10 client.

I was quite sure that this client has generated a SHA1 csr and it was visible on the master,

Unfortunately I can't see or sign it anymore on the master (?!), so I cleaned the SSL dir on the client.

There was no csr flying around in the masters csr directory, so I did nothing on the master.

Afterwards I got the following message:

[sol10box:/etc/puppet/ssl]$ puppet agent -t

Info: Creating a new SSL key for sol10box.example.com

Info: Caching certificate for sol10box.example.com

Error: Could not request certificate: Unsupported digest algorithm (SHA256).

Exiting; failed to retrieve certificate and waitforcert is disabled

Ok, the installed openssl version (something like 0.9.7 or below)  isn't capable of generating SHA256 csr's, adding --digest SHA1 ( at commandline or puppet config) doesn't help, too - puppet still tries to generate SHA256 CSR's.

Any Ideas how to solve that? I can't just update openssl to something useful as it breaks dependencies to some proprietary software from hell, as always :)

best regards,

Björn