[master]
certname = myname.mydomain.com
ca_server = myname.mydomain.com
certdnsnames = puppet;puppet.local;myname.dyndns.org;hivemind.local;
As I understand the certdnsnames I defined, the following should work:
puppet agent --server myname.dyndns.org --test
But I get the following error:
err: Could not retrieve catalog from Remote Server: hostname was not match with the server certificate
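How can I avoid this error? How do I define certdnsnames correctly? I found different documentation about this, but no simple example. When I separated the names with ",", I could not sign at all.
I have also seen syntax like this: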
certdnsnames = puppet:puppet.intra.myserver.fr,puppet.myserver.fr:puppet,puppet:puppet,puppet.intra.myserver.fr,puppet.myserver.fr
http://projects.puppetlabs.com/issues/5776
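But to me it is still not clear when to add "puppet:" and when not to.
Solution
Because of CVE-2011-3872, Puppet no longer supports the certdnsnames option. From the documentation: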
The certdnsnames setting is no longer functional, after CVE-2011-3872.
We ignore the value completely. For your own certificate request you
can set dns_alt_names in the configuration and it will apply locally.
There is no configuration option to set DNS alt names, or any other
subjectAltName value, for another nodes certificate. Alternately you
can use the --dns_alt_names command line option to set the labels
added while generating your own CSR.
You can generate an SSL certificate for your server with subjectAlternativeName entries as follows:
$ puppet cert generate <puppet master's certname> --dns_alt_names=<comma-separated list of DNS names>
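A check to run after regenerating the master certificate, added here as an example and not part of the original answer: it lists the names agents will pass to `--server` that the certificate's subjectAltName does not cover, which is the condition behind the hostname mismatch error above. The function names and `SAMPLE_SAN` are hypothetical; the sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list the server names that a
# certificate's subjectAltName does NOT cover.

# Constructed sample: a SAN line in the form `openssl x509 -noout -text`
# prints it, for a certificate that carries only these three names.
SAMPLE_SAN='DNS:puppet, DNS:puppet.local, DNS:myname.mydomain.com'

# san_names SAN_LINE -> one lower-cased DNS name per line.
# Non-DNS entries (for example "IP Address:...") are skipped.
san_names() {
    printf '%s\n' "$1" | tr ',' '\n' | tr 'A-Z' 'a-z' |
        sed -n 's/^[[:space:]]*dns:\([^[:space:]]*\).*$/\1/p'
}

# missing_names SAN_LINE NAME... -> prints each NAME with no exact SAN match.
# Exit status is 0 only if every NAME is covered. Matching is case-insensitive
# and exact; wildcard SAN entries are not expanded.
missing_names() {
    san=$(san_names "$1")
    shift
    rc=0
    for want in "$@"; do
        w=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
        if ! printf '%s\n' "$san" | grep -Fqx -- "$w"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Usage against a real certificate (the path is a placeholder):
#   san=$(openssl x509 -in <master certificate>.pem -noout -text | grep 'DNS:')
#   missing_names "$san" puppet puppet.local myname.dyndns.org hivemind.local
```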