This is our problem! Our certs are elsewhere. Copying or linking to them allows the cert generation to succeed.
Thanks for the help! On Thursday, July 8, 2021 at 11:14:55 AM UTC-5 Maggie Dreyer wrote: > You can use `puppet config print [cakey|cacrl|cacert]` to find out where > it expects them to be. > > `cacert` and `cacrl` should both be either > * a single self-signed CA certificate and its CRL > * a chain of certs from your signing CA cert to a root cert and the CRLs > for each cert in the chain. > > You can use openssl to inspect the contents (though it will only parse the > first thing in each file, so if you have chains, you may need to split them > up to verify them this way). > > `cakey` should be the private key corresponding to your CA signing cert. > > Hope this helps, let us know if everything looks right and we can help you > dig in more. > Maggie > > On Thu, Jul 8, 2021 at 9:03 AM Dave Beedle <[email protected]> wrote: > >> Thanks for the quick response! This may apply, we may well manipulate >> the certs...some of our processes predate me so, I'll poke around to see >> if I can figure out where they are supposed to be and where we put them! >> >> On Thursday, July 8, 2021 at 10:14:14 AM UTC-5 Maggie Dreyer wrote: >> >>> Might you be hitting https://tickets.puppetlabs.com/browse/SERVER-3036? >>> Can you check if all of your CA files are present >>> <https://github.com/puppetlabs/puppetserver-ca-cli/blob/main/lib/puppetserver/ca/local_certificate_authority.rb#L60-L62> >>> >>> and correct? >>> >>> On Thu, Jul 8, 2021 at 8:02 AM Dave Beedle <[email protected]> wrote: >>> >>>> We have, in the past, generated cert on our puppet server using: >>>> /opt/puppetlabs/bin/puppetserver ca generate --ca-client --certname >>>> test.out.domain --subject-alt-names <bunch of alt names> >>>> >>>> But this began failing as we updated to Puppetserver v6.15.3. Seems to >>>> be unhappy with some gems (log below). I have resintalled the >>>> puppetserver-ca gem (same version) and updated puppetserver to 6.16.0, >>>> same >>>> result. Would anyone have any suggestions? >>>> >>>> >>>> Traceback (most recent call last): >>>> >>>> 6: from >>>> /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5:in `<main>' >>>> >>>> 5: from >>>> /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.9.4/lib/puppetserver/ca/cli.rb:96:in >>>> >>>> `run' >>>> >>>> 4: from >>>> /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.9.4/lib/puppetserver/ca/action/generate.rb:144:in >>>> >>>> `run' >>>> >>>> 3: from >>>> /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.9.4/lib/puppetserver/ca/action/generate.rb:163:in >>>> >>>> `generate_authorized_certs' >>>> >>>> 2: from >>>> /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.9.4/lib/puppetserver/ca/action/generate.rb:163:in >>>> >>>> `map' >>>> >>>> 1: from >>>> /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.9.4/lib/puppetserver/ca/action/generate.rb:174:in >>>> >>>> `block in generate_authorized_certs' >>>> /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.9.4/lib/puppetserver/ca/local_certificate_authority.rb:158:in >>>> >>>> `sign_authorized_cert': undefined method `subject' for nil:NilClass >>>> (NoMethodError) >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/puppet-users/51cce0ff-3615-4ba1-b434-330c808e1f77n%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/puppet-users/51cce0ff-3615-4ba1-b434-330c808e1f77n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/64fba6fd-90f9-4f12-a0d8-86542c7068b3n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/64fba6fd-90f9-4f12-a0d8-86542c7068b3n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e5af3c32-c806-4bcc-b5a1-b5360ca841bdn%40googlegroups.com.
