-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Guys, I looked at one of my puppet certs while troubleshooting a problem getting Splunk to use them, and I discovered they look to be 1024 bits. Is there a way to change this to at the very least 2048 bits? I prefer 3072 or 4096, but if it''s not an option maybe I should file a feature request. - -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L''ennui est contre-révolutionnaire -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktvBhYACgkQRkBieEaRmuZDAQCdFK+vHGJBGwYS/wdrCvsLoXkk BqgAnihyTED3ft1hqxI1zcOmv5o53gOE =+LSj -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
This probably isn''t exactly what you''re looking for, but that''s covered at http://reductivelabs.com/trac/puppet/wiki/MultipleCertificateAuthorities along with other stuff to increase security. I haven''t done it myself, but it would be a bit of work. -Patrick On Feb 7, 2010, at 10:27 AM, Joe McDonagh wrote:> Hey Guys, I looked at one of my puppet certs while troubleshooting a > problem getting Splunk to use them, and I discovered they look to be > 1024 bits. Is there a way to change this to at the very least 2048 bits? > I prefer 3072 or 4096, but if it''s not an option maybe I should file a > feature request.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/02/10 5:27 AM, Joe McDonagh wrote:> Hey Guys, I looked at one of my puppet certs while troubleshooting a > problem getting Splunk to use them, and I discovered they look to be > 1024 bits. Is there a way to change this to at the very least 2048 bits? > I prefer 3072 or 4096, but if it''s not an option maybe I should file a > feature request.Joe Can you please log a feature request for it. I don''t think it''s rocket science to change but a) I''ve been wrong before and b) it''ll need a little bit of testing. Cheers James Turnbull - -- Author of: * Pro Linux System Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBS28l3yFa/lDkFHAyAQJzaQf/ZpEDnhhAdY2vk1WrEPBc7nqVZMs5TbNS Pmlglt1gn4SwYePEuwQymwsk8UplrLkhQPEvbn5zfFYx3yguyirT/DEuwabciXog Gbw1XQ4fND0zLxQnw2/3r72ChpgMkysK9dJy6pr59E/OFs2uzQwYV7N0iSFfiNtQ QGjad6J1I76R4wo2NAPq+lNthW5K4wk3XRY4/JHr0IxpEvmzD6vGLcA55VH4WKIb hFIZ+RES8cBNUsCxkt9LaWOYLKL9WZfckryZMb64smI7iQU9igpCpFQ3U5Pv9wDH RzM5tRKK3kpS5pkK9kXYAk+45jcwlo8TqsJe68gsijmQvcsgMRDM8Q==IJ/U -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James Turnbull wrote:> On 8/02/10 5:27 AM, Joe McDonagh wrote: >> Hey Guys, I looked at one of my puppet certs while troubleshooting a >> problem getting Splunk to use them, and I discovered they look to be >> 1024 bits. Is there a way to change this to at the very least 2048 bits? >> I prefer 3072 or 4096, but if it''s not an option maybe I should file a >> feature request. > > Joe > > Can you please log a feature request for it. I don''t think it''s > rocket science to change but a) I''ve been wrong before and b) it''ll > need a little bit of testing. > > Cheers > > James Turnbull >Will do James, thanks. - -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L''ennui est contre-révolutionnaire -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktvRzIACgkQRkBieEaRmuaK5QCfdpI0bR7bXObsgpCf7chijWi+ 2dkAoIuzuc2mx8xlgf+viD63MwRutloN =kWUz -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.