Re: [Puppet Users] Emergency Certificate Revocation Procedure

Wed, 09 Apr 2014 05:50:35 -0700 

Thank you Nan,
It looks like Puppet Labs have recognised the importance of this, and I guess this thread should defer to the guidance that Eric Sorenson just posted to the list! 

Thank you for your help!

Tom.

On 08/04/14 15:01, Nan Liu wrote:

On Tue, Apr 8, 2014 at 12:57 AM, Tom <[email protected] 
<mailto:[email protected]>> wrote:



    In light of the recently publicised vulnerability in OpenSSL
    versions provided on RHEL6/CentOS6http://heartbleed.com/
    <http://heartbleed.com/>, do you have any recommendations on a
    procedure to regenerate new master certificates and then revoke,
    clean and re-sign all client SSL certificates?

    I think it'd be great in my organisation to have a bullet proof
    procedure for the future, as well as getting around this currently
    problem.

    Thanks for any assistance.



Puppet Labs had a CVE around a puppet master certificate issue. It 
only replaces the master cert, but from what I recall a module 
automates this step. You can see if the remediation tool kit is still 
suitable for this purpose:


http://puppetlabs.com/security/cve/cve-2011-3872

http://puppetlabs.com/security/cve/cve-2011-3872/faq#q9
http://puppetlabs.com/security/cve/cve-2011-3872/faq#q11

Thanks,

Nan
--

You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to [email protected] 
<mailto:[email protected]>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACqVBqBqqpU5LKQGztVmzdEjcZBiaZ1B7Rjg8nPcm4AMuYi73g%40mail.gmail.com 
<https://groups.google.com/d/msgid/puppet-users/CACqVBqBqqpU5LKQGztVmzdEjcZBiaZ1B7Rjg8nPcm4AMuYi73g%40mail.gmail.com?utm_medium=email&utm_source=footer>.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5344F71D.5070106%40t0mb.net.
For more options, visit https://groups.google.com/d/optout.






















					Reply via email to