Jira (PUP-2551) Certname must be lowercase error not helpful

65 views
Skip to first unread message

Chad Metcalf (JIRA)

unread,
May 13, 2014, 1:19:43 AM5/13/14
to puppe...@googlegroups.com
Chad Metcalf created an issue
 
Puppet / Bug PUP-2551
Certname must be lowercase error not helpful
Issue Type: Bug Bug
Assignee: Unassigned
Created: 12/May/14 10:19 PM
Priority: Normal Normal
Reporter: Chad Metcalf

Currently if you set a non lowercase certname you get this error:

Error: Could not initialize global default settings: Certificate names must be lower case; see #1168

Its not terribly helpful for a couple reasons.

  1. We've moved away from RedMine. Only seasoned puppet veterans will see #1168 and say "oh right, redmine, duh."
  2. #1168 is an ancient thread that represents a dark time in puppet's history we'd all rather forget. Who cares about these comments? We need a succinct snippet for why we require lowercase names. Not force new users to read the insane old days. Especially since there really isn't any resolution on that thread.

I seem to recall there was a better resource somewhere that had a more definitive explanation. I've helped numerous people get past this.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede)
Atlassian logo

Eric Sorenson (JIRA)

unread,
May 22, 2014, 6:18:43 PM5/22/14
to puppe...@googlegroups.com
Eric Sorenson commented on an issue
 
Re: Certname must be lowercase error not helpful

I am not going to re-open the original problem for further debate, but I agree it's completely terrible.

Christopher Price can you make sure this is not the case (hah-hah no pun intended) in the new CA service?

i.e. we should permit mixed-case (and indeed mixed character) subject names and not store the files on disk in a character-for-character representation of the certificate's subject name because this + https://projects.puppetlabs.com/issues/15561

We can remove the agent warning/restriction once we're no longer on the Ruby CA.
Currently if you set a non lowercase certname you get this error:
{code}
Error: Could not initialize global default settings: Certificate names must be lower case; see #1168
{code}

Its not terribly helpful for a couple reasons.
# We've moved away from RedMine. Only seasoned puppet veterans will see #1168 and say "oh right, redmine, duh."
# #1168 i...

Zachary Stern (JIRA)

unread,
May 22, 2014, 6:28:43 PM5/22/14
to puppe...@googlegroups.com
Zachary Stern commented on an issue

Would it be possible in the interim to simply provide a better error message, without doing any actual fixing of the problem in the current CA?

Eric Sorenson (JIRA)

unread,
Jun 5, 2014, 1:45:44 PM6/5/14
to puppe...@googlegroups.com
Eric Sorenson commented on an issue

Zachary Stern sure that's reasonable, can you work up a patch?

Zachary Stern (JIRA)

unread,
Jun 5, 2014, 3:51:45 PM6/5/14
to puppe...@googlegroups.com
Zachary Stern commented on an issue

Eric Sorenson I can, but having read the redmine ticket top to bottom several times, I'm not quite sure what it should say. I get that the CA, currently, doesn't support mixed-case certnames, but I'm not quite sure what we'd want to give as the reason.

Nick Walker (JIRA)

unread,
Jun 5, 2014, 4:48:44 PM6/5/14
to puppe...@googlegroups.com
Nick Walker commented on an issue

Do error messages really need to explain why something is not possible? Or only that you can't do whatever you tried to do?

Zachary Stern (JIRA)

unread,
Jun 5, 2014, 4:50:45 PM6/5/14
to puppe...@googlegroups.com
Zachary Stern commented on an issue

I think in a case like this, where it's something you absolutely should be able to do (e.g. DNS names are not case sensitive, and on Windows machines, hostnames are by default upper case), then yes.

In general, perhaps not.
Reply all
Reply to author
Forward
0 new messages