thr3ads.net - Puppet users - [Puppet Users] Less than 25Y to the End of the world (I mean 32-bit) [Feb 2013]

If this information is useful, please help other people find it:
Share via:

Jemmorey

2013-Feb-12 19:04 UTC

[Puppet Users] Less than 25Y to the End of the world (I mean 32-bit)

A note and a complaint.  Being a lazy sysadmin, I configured my ca_ttl to 
25y.  I assumed (poorly) that the ca would be created with the 25 year life 
span, and then certs would be created and use the end date of the root 
cert.  This is not correct.  Somehow a root CA can create certificates that 
extend beyond it''s expiration.

On 32-bit servers 25Y is beyond the end of the world.  In puppet, this 
results in the generic message:

err: Could not request certificate: time out of range

Figured I would post it to help any other lazy saps who still have to 
support 32-bit.

Enjoy!

Jordan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Puppet users - Feb 2013 - Less than 25Y to the End of the world (I mean 32-bit)

[Puppet Users] Less than 25Y to the End of the world (I mean 32-bit)