puppet fingerprint and autosigning, reading the
17 views
Skip to first unread message
Rudy Gevaert
Jun 24, 2014, 3:00:54 AM6/24/14
to puppet...@googlegroups.com
Hello,
I would like to integrate auto signing into my environment. Currently I'm running 3.6 master, but still with 2.7 agents. (Which means I can't add extra information in the certificate, that I could use as verification during the provisioning).
I'm looking at using the fingerprint which would be fed into my inventory, and my auto sign script will query my inventory to see if the fingerprint matches.
I'm having problems:
1) how to get the fingerprint out of the CSR.
I'm using 'openssl req -pubkey -noout | openssl rsa -pubin -outform DER -noout | openssl md5'
2) that doesn't match the fingerprint the is returned when doing the first run:
info: Certificate Request fingerprint (md5): 61:34:FD:D2:DF:44:D7:EA:C4:FE:93:C4:47:52:B3:05
3) Nor does it match the fingerprint on the client after the first run:
# puppet agent --fingerprint
27:0B:A1:96:BE:C2:71:50:59:9F:7D:0A:9D:5C:71:81
any ideas anyone?
Thanks,
rudy
I would like to integrate auto signing into my environment. Currently I'm running 3.6 master, but still with 2.7 agents. (Which means I can't add extra information in the certificate, that I could use as verification during the provisioning).
I'm looking at using the fingerprint which would be fed into my inventory, and my auto sign script will query my inventory to see if the fingerprint matches.
I'm having problems:
1) how to get the fingerprint out of the CSR.
I'm using 'openssl req -pubkey -noout | openssl rsa -pubin -outform DER -noout | openssl md5'
2) that doesn't match the fingerprint the is returned when doing the first run:
info: Certificate Request fingerprint (md5): 61:34:FD:D2:DF:44:D7:EA:C4:FE:93:C4:47:52:B3:05
3) Nor does it match the fingerprint on the client after the first run:
# puppet agent --fingerprint
27:0B:A1:96:BE:C2:71:50:59:9F:7D:0A:9D:5C:71:81
any ideas anyone?
Thanks,
rudy
Reply all
Reply to author
Forward
0 new messages