Affected Puppet, Ruby, OS and module versions/distributions
Puppet: 7.28.0
Ruby: 2.7.8
Distribution: Rocky Linux 8.9
Module version: 3.1.0
How to reproduce (e.g. Puppet code you use)
Try to create a self-signed certificate with the parameter key_dir, for example:
openssl::certificate::x509 { $facts[networking][fqdn]:
  country      => 'DK',
  state        => 'Denmark',
  locality     => 'Test',
  commonname   => $facts[networking][fqdn],
  organization => 'company A/S',
  unit         => 'test',
  email        => 'admin@test.dk',
  days         => 3650,
  base_dir     => '/etc/ssl/certs',
  key_dir      => '/etc/ssl/private',
  force        => false,
  encrypted    => false,
}
What are you seeing
X509_cert is trying to use the default key from the same directory as the request and certificate (/etc/ssl/certs). The key is generated in the correct directory (/etc/ssl/private).
What behaviour did you expect instead
X509_cert must use the signing key from the parameter key_dir (/etc/ssl/private).
Output log
Notice: /Stage[main]/Profile::Test::Tls_certs/Openssl::Certificate::X509[host.test.dk]/Openssl::Config[/etc/ssl/certs//host.test.dk.cnf]/File[/etc/ssl/certs//host.test.dk.cnf]/content: content changed '{sha256}8447bb6632d45d40a3eaaceca9aa4cb6adf9aa98998dd463dc65d871b7db6b16' to '{sha256}dee758d609833006021578ebcf715e888c964d1ff047674445be789bc98ebae0'
Info: Openssl::Config[/etc/ssl/certs//host.test.dk.cnf]: Scheduling refresh of X509_request[/etc/ssl/certs//host.test.dk.csr]
Notice: /Stage[main]/Profile::Test::Tls_certs/Openssl::Certificate::X509[host.test.dk]/X509_request[/etc/ssl/certs//host.test.dk.csr]: Triggered 'refresh' from 1 event
Info: /Stage[main]/Profile::Test::Tls_certs/Openssl::Certificate::X509[host.test.dk]/X509_request[/etc/ssl/certs//host.test.dk.csr]: Scheduling refresh of X509_cert[/etc/ssl/certs//host.test.dk.crt]
Error: /Stage[main]/Profile::Test::Tls_certs/Openssl::Certificate::X509[host.test.dk]/X509_cert[/etc/ssl/certs//host.test.dk.crt]: Could not evaluate: No such file or directory @ rb_sysopen - /etc/ssl/certs/host.test.dk.key
Error: /Stage[main]/Profile::Test::Tls_certs/Openssl::Certificate::X509[host.test.dk]/X509_cert[/etc/ssl/certs//host.test.dk.crt]: Failed to call refresh: Execution of '/bin/openssl x509 -req -days 3650 -in /etc/ssl/certs//host.test.dk.csr -out /etc/ssl/certs//host.test.dk.crt -signkey /etc/ssl/certs/host.test.dk.key -extensions v3_req' returned 1: Signature ok
subject=/C=DK/ST=Denmark/L=Test/O=company A/S/OU=test/CN=host.test.dk/emailAddress=admin@test.dk
Getting Private key
Error opening Private key /etc/ssl/certs/host.test.dk.key
139684502910864:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/ssl/certs/host.test.dk.key','r')
139684502910864:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private key
unable to write 'random state'
Error: /Stage[main]/Profile::Test::Tls_certs/Openssl::Certificate::X509[host.test.dk]/X509_cert[/etc/ssl/certs//host.test.dk.crt]: Execution of '/bin/openssl x509 -req -days 3650 -in /etc/ssl/certs//host.test.dk.csr -out /etc/ssl/certs//host.test.dk.crt -signkey /etc/ssl/certs/host.test.dk.key -extensions v3_req' returned 1: Signature ok
subject=/C=DK/ST=Denmark/L=Test/O=company A/S/OU=test/CN=host.test.dk/emailAddress=admin@test.dk
Getting Private key
Error opening Private key /etc/ssl/certs/host.test.dk.key
139684502910864:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/ssl/certs/host.test.dk.key','r')
139684502910864:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private key
unable to write 'random state'
Notice: /Stage[main]/Profile::Test::Tls_certs/Openssl::Certificate::X509[host.test.dk]/File[/etc/ssl/certs//host.test.dk.crt]: Dependency X509_cert[/etc/ssl/certs//host.test.dk.crt] has failures: true
Any additional information you'd like to impart
Commit a8a98cf broke the behavior.
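
Added example (not part of the original report and not the module's code): the signing step from the log run by hand with -signkey pointing into key_dir, followed by a check that the certificate in base_dir carries the public key of the key stored in key_dir and that no key copy sits next to the certificate. The `<name>.key` file name under key_dir, the scratch directories and the host name are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not the module's code. Assumes the key is named <name>.key
# under key_dir; the .csr/.crt names under base_dir follow the log above.

# sign_with_key_dir BASE_DIR KEY_DIR NAME
# Key goes to KEY_DIR, request and certificate to BASE_DIR.
sign_with_key_dir() {
  base_dir=$1; key_dir=$2; name=$3
  ( umask 077; openssl genrsa -out "$key_dir/$name.key" 2048 2>/dev/null ) || return 1
  openssl req -new -key "$key_dir/$name.key" -subj "/C=DK/CN=$name" \
    -out "$base_dir/$name.csr" 2>/dev/null || return 1
  # Same x509 call as in the log, but -signkey points into KEY_DIR.
  openssl x509 -req -days 3650 -in "$base_dir/$name.csr" \
    -out "$base_dir/$name.crt" -signkey "$key_dir/$name.key" 2>/dev/null
}

# check_pair BASE_DIR KEY_DIR NAME
# 0 = certificate matches the key in KEY_DIR, 1 = no key in KEY_DIR,
# 2 = no certificate, 3 = public keys differ, 4 = key copy left in BASE_DIR.
check_pair() {
  base_dir=$1; key_dir=$2; name=$3
  key="$key_dir/$name.key"; crt="$base_dir/$name.crt"
  [ -f "$key" ] || { echo "no key at $key" >&2; return 1; }
  [ -f "$crt" ] || { echo "no certificate at $crt" >&2; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 3
  if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
    echo "certificate was not issued for $key" >&2; return 3
  fi
  if [ "$base_dir" != "$key_dir" ] && [ -e "$base_dir/$name.key" ]; then
    echo "private key also present in $base_dir" >&2; return 4
  fi
  return 0
}

# Constructed demo: scratch directories stand in for /etc/ssl/certs and /etc/ssl/private.
tmp=$(mktemp -d) && mkdir "$tmp/certs" "$tmp/private"
sign_with_key_dir "$tmp/certs" "$tmp/private" host.example.test
check_pair "$tmp/certs" "$tmp/private" host.example.test && echo "certificate matches key in key_dir"
rm -rf "$tmp"
```

A return code of 1 from `check_pair` with key_dir set to the certificate directory corresponds to the failure in the log, where the key is looked up beside the certificate instead of in key_dir.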