[Pulp-list] pulp and puppet certificates

Cristian Falcas cristi.falcas at gmail.com
Fri Sep 12 17:12:51 UTC 2014 

I forgot to tell that other commands work with puppet certificates:

pulp-admin login -u admin -p admin
pulp-consumer -u admin -p admin register --consumer-id my-consumer
pulp-consumer -u admin -p admin unregister

Only "pulp-admin consumer" is failing.



On Fri, Sep 12, 2014 at 7:23 PM, Cristian Falcas <cristi.falcas at gmail.com>
wrote:

> Hello,
>
> I'm trying to set puppet certificates to be used by foreman, but I can't
> manage to amke it work.
>
> Actually only one of the commands doesn't work:
>
> pulp-admin consumer unregister --consumer-id my-consumer1
> An error occurred attempting to contact the server. More information can be
> found in the client log file ~/.pulp/admin.log.
>
> tail ~/.pulp/admin.log
>     self.context.server.consumer.unregister(consumer_id)
>   File "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line
> 55, in unregister
>     return self.server.DELETE(path)
>   File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
> 90, in DELETE
>     return self._request('DELETE', path, body=body)
>   File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
> 143, in _request
>     response_code, response_body = self.server_wrapper.request(method,
> url, body)
>   File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
> 326, in request
>     raise exceptions.ConnectionException(None, str(err), None)
> ConnectionException: (None, 'sslv3 alert bad certificate', None)
>
>
> This is the default certificate made by pulp: ca.crt
> Certificate:
>     Data:
>         Version: 1 (0x0)
>         Serial Number: 13145249922930536020 (0xb66d4f288c016e54)
>     Signature Algorithm: sha1WithRSAEncryption
>         Issuer: CN=machine.optymyze.net, O=PULP
>         Validity
>             Not Before: Sep 11 17:23:23 2014 GMT
>             Not After : Dec 15 17:23:23 2033 GMT
>         Subject: CN=machine.optymyze.net, O=PULP
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (2048 bit)
>                 Modulus:
>                 Exponent: 65537 (0x10001)
>     Signature Algorithm: sha1WithRSAEncryption
>
>
> This one is from puppet: pp_ca_cert.pem
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 564 (0x234)
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: CN=Puppet CA: puppet.company.net
>         Validity
>             Not Before: Sep  1 10:19:31 2014 GMT
>             Not After : Sep  1 10:19:31 2019 GMT
>         Subject: CN=machine.optymyze.net
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (4096 bit)
>                 Modulus:
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 2B:D0:25:E9:C0:EE:23:91:26:AD:16:8F:85:B5:C2:85:B7:66:B7:24
>             Netscape Comment:
>                 Puppet Ruby/OpenSSL Internal Certificate
>             X509v3 Extended Key Usage: critical
>                 TLS Web Server Authentication, TLS Web Client
> Authentication
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment
>             X509v3 Authority Key Identifier:
>
> keyid:24:63:CC:70:4B:17:C7:FC:DB:82:65:66:E3:E4:6A:39:91:79:36:F3
>     Signature Algorithm: sha256WithRSAEncryption
>
> Is there a problem with the version of certificates made by puppet? Is
> pulp requiring only v1?
>
> Best regards,
> Cristian Falcas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20140912/e38d10e1/attachment.htm>

More information about the Pulp-list mailing list