Matt Wise
2011-Feb-07 15:09 UTC
[Puppet Users] Puppet CA Inventory and Serial # file... unique format?
I''m working on a system for auto-resigning certificates for our clients and Iv''e basically got it working .. but I notice that Puppet uses an inventory file and a serial # file that seem to be differently formatted than the openssl toolkit uses? The serial number file that puppet generates has a 4 digit number starting with 0000... but openssl tracks its serial numbers in a hex format (0C, for example). The inventory files are also not compatible I found. Can anyone explain why this is? It makes it harder to use these two different tools with the same serial, inventory and CA files... —Matt (example inventory files below) puppet: 0x0007 2011-02-06T14:17:23GMT 2011-02-08T14:17:23GMT /CN=master102.dc1.xxx.com 0x0008 2011-02-06T14:17:28GMT 2011-02-08T14:17:28GMT /CN=master103.dc1.xxx.com openssl: V 110209142816Z 09 unknown /CN=master101.dc1.xxx.com V 110209150001Z 0A unknown /CN=master102.dc1.xxx.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Matt Wise
2011-Feb-08 17:51 UTC
[Puppet Users] Re: Puppet CA Inventory and Serial # file... unique format?
I''m not sure if this made it to the mailing list or not? I didn''t see it go out, and don''t see it on the web page... On Feb 7, 2011, at 7:09 AM, Matt Wise wrote:> I''m working on a system for auto-resigning certificates for our clients and Iv''e basically got it working .. but I notice that Puppet uses an inventory file and a serial # file that seem to be differently formatted than the openssl toolkit uses? The serial number file that puppet generates has a 4 digit number starting with 0000... but openssl tracks its serial numbers in a hex format (0C, for example). The inventory files are also not compatible I found. > > Can anyone explain why this is? It makes it harder to use these two different tools with the same serial, inventory and CA files... > > —Matt > > (example inventory files below) > > puppet: > 0x0007 2011-02-06T14:17:23GMT 2011-02-08T14:17:23GMT /CN=master102.dc1.xxx.com > 0x0008 2011-02-06T14:17:28GMT 2011-02-08T14:17:28GMT /CN=master103.dc1.xxx.com > > openssl: > V 110209142816Z 09 unknown /CN=master101.dc1.xxx.com > V 110209150001Z 0A unknown /CN=master102.dc1.xxx.com > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Patrick
2011-Feb-08 19:05 UTC
Re: [Puppet Users] Re: Puppet CA Inventory and Serial # file... unique format?
On Feb 8, 2011, at 9:51 AM, Matt Wise wrote:> I''m not sure if this made it to the mailing list or not? I didn''t see it go out, and don''t see it on the web page... > > On Feb 7, 2011, at 7:09 AM, Matt Wise wrote: > >> I''m working on a system for auto-resigning certificates for our clients and Iv''e basically got it working .. but I notice that Puppet uses an inventory file and a serial # file that seem to be differently formatted than the openssl toolkit uses? The serial number file that puppet generates has a 4 digit number starting with 0000... but openssl tracks its serial numbers in a hex format (0C, for example). The inventory files are also not compatible I found. >> >> Can anyone explain why this is? It makes it harder to use these two different tools with the same serial, inventory and CA files... >> >> —Matt >> >> (example inventory files below) >> >> puppet: >> 0x0007 2011-02-06T14:17:23GMT 2011-02-08T14:17:23GMT /CN=master102.dc1.xxx.com >> 0x0008 2011-02-06T14:17:28GMT 2011-02-08T14:17:28GMT /CN=master103.dc1.xxx.com >> >> openssl: >> V 110209142816Z 09 unknown /CN=master101.dc1.xxx.com >> V 110209150001Z 0A unknown /CN=master102.dc1.xxx.com >> >>I''d ben emailed both of your messages, so it seems to be working. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.