[Pulp-list] pulp and puppet certificates
Cristian Falcas
cristi.falcas at gmail.com
Fri Sep 12 17:12:51 UTC 2014
I forgot to tell that other commands work with puppet certificates:
pulp-admin login -u admin -p admin
pulp-consumer -u admin -p admin register --consumer-id my-consumer
pulp-consumer -u admin -p admin unregister
Only "pulp-admin consumer" is failing.
On Fri, Sep 12, 2014 at 7:23 PM, Cristian Falcas <cristi.falcas at gmail.com>
wrote:
> Hello,
>
> I'm trying to set puppet certificates to be used by foreman, but I can't
> manage to amke it work.
>
> Actually only one of the commands doesn't work:
>
> pulp-admin consumer unregister --consumer-id my-consumer1
> An error occurred attempting to contact the server. More information can be
> found in the client log file ~/.pulp/admin.log.
>
> tail ~/.pulp/admin.log
> self.context.server.consumer.unregister(consumer_id)
> File "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line
> 55, in unregister
> return self.server.DELETE(path)
> File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
> 90, in DELETE
> return self._request('DELETE', path, body=body)
> File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
> 143, in _request
> response_code, response_body = self.server_wrapper.request(method,
> url, body)
> File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
> 326, in request
> raise exceptions.ConnectionException(None, str(err), None)
> ConnectionException: (None, 'sslv3 alert bad certificate', None)
>
>
> This is the default certificate made by pulp: ca.crt
> Certificate:
> Data:
> Version: 1 (0x0)
> Serial Number: 13145249922930536020 (0xb66d4f288c016e54)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: CN=machine.optymyze.net, O=PULP
> Validity
> Not Before: Sep 11 17:23:23 2014 GMT
> Not After : Dec 15 17:23:23 2033 GMT
> Subject: CN=machine.optymyze.net, O=PULP
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (2048 bit)
> Modulus:
> Exponent: 65537 (0x10001)
> Signature Algorithm: sha1WithRSAEncryption
>
>
> This one is from puppet: pp_ca_cert.pem
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 564 (0x234)
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: CN=Puppet CA: puppet.company.net
> Validity
> Not Before: Sep 1 10:19:31 2014 GMT
> Not After : Sep 1 10:19:31 2019 GMT
> Subject: CN=machine.optymyze.net
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (4096 bit)
> Modulus:
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Subject Key Identifier:
> 2B:D0:25:E9:C0:EE:23:91:26:AD:16:8F:85:B5:C2:85:B7:66:B7:24
> Netscape Comment:
> Puppet Ruby/OpenSSL Internal Certificate
> X509v3 Extended Key Usage: critical
> TLS Web Server Authentication, TLS Web Client
> Authentication
> X509v3 Basic Constraints: critical
> CA:FALSE
> X509v3 Key Usage: critical
> Digital Signature, Key Encipherment
> X509v3 Authority Key Identifier:
>
> keyid:24:63:CC:70:4B:17:C7:FC:DB:82:65:66:E3:E4:6A:39:91:79:36:F3
> Signature Algorithm: sha256WithRSAEncryption
>
> Is there a problem with the version of certificates made by puppet? Is
> pulp requiring only v1?
>
> Best regards,
> Cristian Falcas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20140912/e38d10e1/attachment.htm>
More information about the Pulp-list
mailing list