[Pulp-list] pulp and puppet certificates

Cristian Falcas cristi.falcas at gmail.com
Fri Sep 12 16:23:03 UTC 2014


Hello,

I'm trying to set puppet certificates to be used by foreman, but I can't
manage to make it work.

Actually only one of the commands doesn't work:

pulp-admin consumer unregister --consumer-id my-consumer1
An error occurred attempting to contact the server. More information can be
found in the client log file ~/.pulp/admin.log.

tail ~/.pulp/admin.log
    self.context.server.consumer.unregister(consumer_id)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line 55, in unregister
    return self.server.DELETE(path)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 90, in DELETE
    return self._request('DELETE', path, body=body)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 143, in _request
    response_code, response_body = self.server_wrapper.request(method, url, body)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 326, in request
    raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, 'sslv3 alert bad certificate', None)


This is the default certificate made by pulp: ca.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 13145249922930536020 (0xb66d4f288c016e54)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=machine.optymyze.net, O=PULP
        Validity
            Not Before: Sep 11 17:23:23 2014 GMT
            Not After : Dec 15 17:23:23 2033 GMT
        Subject: CN=machine.optymyze.net, O=PULP
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption


This one is from puppet: pp_ca_cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 564 (0x234)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Puppet CA: puppet.company.net
        Validity
            Not Before: Sep  1 10:19:31 2014 GMT
            Not After : Sep  1 10:19:31 2019 GMT
        Subject: CN=machine.optymyze.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D0:25:E9:C0:EE:23:91:26:AD:16:8F:85:B5:C2:85:B7:66:B7:24
            Netscape Comment:
                Puppet Ruby/OpenSSL Internal Certificate
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Authority Key Identifier:
                keyid:24:63:CC:70:4B:17:C7:FC:DB:82:65:66:E3:E4:6A:39:91:79:36:F3
    Signature Algorithm: sha256WithRSAEncryption

Is there a problem with the version of certificates made by puppet? Is pulp
requiring only v1?

Best regards,
Cristian Falcas
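
To compare the two dumps above field by field, this added example (not part of the original post, and not Pulp or Puppet code) parses `openssl x509 -text` output and reports the version, whether issuer equals subject, and the Basic Constraints CA flag. The sample inputs are trimmed copies of the dumps in the post; the function names and the role labels are assumptions made for illustration.

```python
import re

# Trimmed copies of the two `openssl x509 -text` dumps from the post.
PULP_CA = """\
Certificate:
    Data:
        Version: 1 (0x0)
        Issuer: CN=machine.optymyze.net, O=PULP
        Subject: CN=machine.optymyze.net, O=PULP
"""
PUPPET_CERT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: CN=Puppet CA: puppet.company.net
        Subject: CN=machine.optymyze.net
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
"""

def _field(text, label):
    """Return the value after 'label:' on the same line, or None."""
    m = re.search(r"^\s*" + re.escape(label) + r":\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def summarize(text):
    """Extract the fields that decide whether a cert can act as a CA."""
    version = int(_field(text, "Version").split()[0])
    issuer, subject = _field(text, "Issuer"), _field(text, "Subject")
    bc = re.search(r"Basic Constraints:.*\n\s*CA:(TRUE|FALSE)", text)
    return {
        "version": version,
        "issuer": issuer,
        "self_issued": issuer == subject,
        # v1 certificates carry no extensions, so ca_flag stays None
        "ca_flag": None if bc is None else bc.group(1) == "TRUE",
    }

def role(info):
    """Hypothetical labels: 'ca', 'leaf', or 'legacy-v1-root'."""
    if info["ca_flag"] is True:
        return "ca"
    if info["ca_flag"] is None and info["version"] == 1 and info["self_issued"]:
        return "legacy-v1-root"  # self-issued, no extensions at all
    return "leaf"

if __name__ == "__main__":
    for name, dump in (("ca.crt", PULP_CA), ("pp_ca_cert.pem", PUPPET_CERT)):
        print(name, role(summarize(dump)), summarize(dump))
```

On the post's data this labels `ca.crt` as a self-issued v1 certificate with no extensions, and `pp_ca_cert.pem` as a certificate issued by the Puppet CA with `CA:FALSE`.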