Recently I wrongly removed the client (Amazon Linux) certificate on the puppet master. To recreate it, I deleted the /var/lib/puppet/ssl directory and then ran the command #puppet agent -t on the client and got the error below. The same method of regenerating the puppet certificate worked fine on Red Hat Linux servers.
Puppet Client:
===========
[root@proxy-AZa ~]# cd /var/lib/puppet/ssl/
[root@proxy-AZa ssl]# ls -lrt
total 24
drwxr-x--- 2 puppet root 4096 Oct 30 17:32 private
drwxr-x--- 2 puppet root 4096 Oct 30 17:32 private_keys
drwxr-xr-x 2 puppet root 4096 Oct 30 17:32 public_keys
drwxr-xr-x 2 puppet root 4096 Oct 30 17:32 certs
drwxr-xr-x 2 puppet root 4096 Oct 31 06:52 certificate_requests
drwxrwx--- 5 puppet puppet 4096 Oct 31 09:30 ca
[root@proxy-AZa ssl]# rm -rf *
[root@proxy-AZa ssl]# puppet agent -t
info: Creating a new SSL key for proxy-aza.ad2015sit
info: Caching certificate for ca
info: Creating a new SSL certificate request for proxy-aza.ad2015sit
info: Certificate Request fingerprint (md5): F4:45:68:AA:A8:48:5D:6D:D6:B2:62:11:70:5C:D3:AD
err: Could not request certificate: Error 400 on SERVER: unknown message digest algorithm
Exiting; failed to retrieve certificate and waitforcert is disabled
Puppet Master
===========
[root@puppet tmp]# puppet cert list
"c2c-cgs-1b-197.eu-west-1.compute.internal" (SHA256) 9E:5C:51:B9:65:F5:02:96:D0:B1:84:52:95:6B:49:80:C9:3A:17:20:80:1E:31:FA:D7:80:6B:41:D1:C2:7A:6D
"proxy-aza.ad2015sit" (MD5) 9E:90:70:C9:91:F8:80:2A:FE:C2:C5:71:FD:A7:F2:73
"proxy-aza" (MD5) 6C:9D:77:3C:C0:5D:08:26:A8:3F:3E:3D:C6:DA:CF:49
"win-0ev7r2vfdqc" (SHA256) 78:FA:FB:8F:07:1D:01:FA:CF:F0:29:EB:9F:94:B9:2A:23:31:F9:91:E4:29:6F:58:07:82:94:42:36:73:C6:B3
"win-4fucdt6gaiv" (SHA256) B2:92:F8:81:5D:78:AB:1A:77:6A:46:AD:9A:AE:7E:3A:0B:2C:8E:9A:4F:9D:18:1D:99:10:2D:D5:18:2B:F6:10
"win-nr2kko32ipn" (SHA256) F8:4B:48:31:03:D7:B9:F4:20:4C:DC:A6:25:E5:67:17:B0:6E:13:53:32:FA:94:A4:8C:E6:57:6B:D5:BA:55:FB
"win-qv88oi3kji6" (SHA256) CF:45:DB:A2:E4:F8:57:85:B7:E6:25:CD:82:E0:32:8D:EE:83:12:FC:CA:E6:00:8D:83:63:54:F1:74:72:85:CA
"win-sct3th2f3s7" (SHA256) 01:2F:4A:05:F2:06:8E:80:47:D5:8F:6E:A9:4E:9C:42:90:58:8D:8D:AE:75:B5:45:E9:78:FA:B5:B6:9E:BE:D1
You have new mail in /var/spool/mail/root
[root@puppet tmp]# puppet cert sign "proxy-aza.ad2015sit"
Error: unknown message digest algorithm
The certificates are generated with MD5 and not in SHA256 format. The problem exists only on Amazon Linux servers. Could anyone please guide me in resolving this issue?
Regards,
Vinoth Kumar