<div dir="ltr"><div>I forgot to tell that other commands work with puppet certificates:<br><br>pulp-admin login -u admin -p admin<br>pulp-consumer -u admin -p admin register --consumer-id my-consumer<br>pulp-consumer -u admin -p admin unregister<br><br></div>Only "pulp-admin consumer" is failing.<br><br><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 12, 2014 at 7:23 PM, Cristian Falcas <span dir="ltr"><<a href="mailto:cristi.falcas@gmail.com" target="_blank">cristi.falcas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div>Hello,<br><br></div>I'm trying to set puppet certificates to be used by foreman, but I can't manage to amke it work.<br><br></div>Actually only one of the commands doesn't work:<br><br>pulp-admin consumer unregister --consumer-id my-consumer1<br>An error occurred attempting to contact the server. More information can be<br>found in the client log file ~/.pulp/admin.log.<br><br><div><div><div>tail ~/.pulp/admin.log<br> self.context.server.consumer.unregister(consumer_id)<br> File "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line 55, in unregister<br> return self.server.DELETE(path)<br> File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 90, in DELETE<br> return self._request('DELETE', path, body=body)<br> File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 143, in _request<br> response_code, response_body = self.server_wrapper.request(method, url, body)<br> File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 326, in request<br> raise exceptions.ConnectionException(None, str(err), None)<br>ConnectionException: (None, 'sslv3 alert bad certificate', None)<br><br><br>This is the default certificate made by pulp: ca.crt<br>Certificate:<br> Data:<br> Version: 1 (0x0)<br> Serial Number: 13145249922930536020 (0xb66d4f288c016e54)<br> Signature Algorithm: sha1WithRSAEncryption<br> Issuer: CN=<a href="http://machine.optymyze.net" target="_blank">machine.optymyze.net</a>, O=PULP<br> Validity<br> Not Before: Sep 11 17:23:23 2014 GMT<br> Not After : Dec 15 17:23:23 2033 GMT<br> Subject: CN=<a href="http://machine.optymyze.net" target="_blank">machine.optymyze.net</a>, O=PULP<br> Subject Public Key Info:<br> Public Key Algorithm: rsaEncryption<br> Public-Key: (2048 bit)<br> Modulus:<br> Exponent: 65537 (0x10001)<br> Signature Algorithm: sha1WithRSAEncryption<br><br><br>This one is from puppet: pp_ca_cert.pem<br>Certificate:<br> Data:<br> Version: 3 (0x2)<br> Serial Number: 564 (0x234)<br> Signature Algorithm: sha256WithRSAEncryption<br> Issuer: CN=Puppet CA: <a href="http://puppet.company.net" target="_blank">puppet.company.net</a><br> Validity<br> Not Before: Sep 1 10:19:31 2014 GMT<br> Not After : Sep 1 10:19:31 2019 GMT<br> Subject: CN=<a href="http://machine.optymyze.net" target="_blank">machine.optymyze.net</a><br> Subject Public Key Info:<br> Public Key Algorithm: rsaEncryption<br> Public-Key: (4096 bit)<br> Modulus:<br> Exponent: 65537 (0x10001)<br> X509v3 extensions:<br> X509v3 Subject Key Identifier:<br> 2B:D0:25:E9:C0:EE:23:91:26:AD:16:8F:85:B5:C2:85:B7:66:B7:24<br> Netscape Comment:<br> Puppet Ruby/OpenSSL Internal Certificate<br> X509v3 Extended Key Usage: critical<br> TLS Web Server Authentication, TLS Web Client Authentication<br> X509v3 Basic Constraints: critical<br> CA:FALSE<br> X509v3 Key Usage: critical<br> Digital Signature, Key Encipherment<br> X509v3 Authority Key Identifier:<br> keyid:24:63:CC:70:4B:17:C7:FC:DB:82:65:66:E3:E4:6A:39:91:79:36:F3<br> Signature Algorithm: sha256WithRSAEncryption<br><br></div><div>Is there a problem with the version of certificates made by puppet? Is pulp requiring only v1?<br><br></div><div>Best regards,<br></div><div>Cristian Falcas<br><br></div></div></div></div>
</blockquote></div><br></div></div></div>