On Tue, Apr 8, 2014 at 12:57 AM, Tom <[email protected]> wrote: > > In light of the recently publicised vulnerability in OpenSSL versions > provided on RHEL6/CentOS6 http://heartbleed.com/, do you have any > recommendations on a procedure to regenerate new master certificates and > then revoke, clean and re-sign all client SSL certificates? > > I think it'd be great in my organisation to have a bullet proof procedure > for the future, as well as getting around this currently problem. > > Thanks for any assistance. >
Puppet Labs had a CVE around a puppet master certificate issue. It only replaces the master cert, but from what I recall a module automates this step. You can see if the remediation tool kit is still suitable for this purpose: http://puppetlabs.com/security/cve/cve-2011-3872 http://puppetlabs.com/security/cve/cve-2011-3872/faq#q9 http://puppetlabs.com/security/cve/cve-2011-3872/faq#q11 Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACqVBqBqqpU5LKQGztVmzdEjcZBiaZ1B7Rjg8nPcm4AMuYi73g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
