Unable to install Foreman with dns_alt_names certificates when CA
There could be a change in the puppet behaviour regarding the use of alternate names in certificates.
The current installer uses the following option to generate certificates that work with several names:
- Add the option "dns_alt_names = " in the main section of /etc/puppet/puppet.conf
- Create the certificate authority with # puppet cert -g $(facter fqdn)
I think this option has been retired from puppet as generated certificates don't have the dns_alt_names set. It can be verified with puppet cert print $(facter fqdn) or with openssl x509 -in <file> -text
The current Puppet documentation clearly states: disable the CA (ca = false), then add the option "dns_alt_names = " to /etc/puppet/puppet.conf :
In order to reproduce the problem, I can upload my vagrant files somewhere.
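The check mentioned in the post above (looking for alternate names in the openssl x509 -text output), written out as an added example that is not part of the original thread. The host names and the two throwaway self-signed certificates are constructed for the demonstration, and the function names are hypothetical; on a real master, point cert_has_alt_name at the generated certificate file instead.

```shell
#!/bin/sh
# Added example: check whether a certificate really carries the DNS alt names
# that dns_alt_names was supposed to put there.

# Print one DNS subjectAltName per line (prints nothing if the extension is absent).
cert_alt_names() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the exact name $2 is listed as a DNS alt name in cert $1.
cert_has_alt_name() {
    cert_alt_names "$1" | grep -qxF "$2"
}

# Build a constructed self-signed test certificate at $1.
# $2 is the subjectAltName value, or empty for a certificate without one.
make_sample_cert() {
    out=$1
    san=$2
    cfg=$(mktemp)
    printf '[req]\ndistinguished_name = dn\n[dn]\nCN = unused\n' > "$cfg"
    if [ -n "$san" ]; then
        printf '[san]\nsubjectAltName = %s\n' "$san" >> "$cfg"
    fi
    ext=${san:+-extensions san}
    # $ext is left unquoted on purpose so it splits into two arguments.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=puppet.example.test" -config "$cfg" $ext \
        -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$cfg"
}

# Constructed sample input: one certificate with alt names, one without.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/with_san.pem" \
    "DNS:puppet.example.test,DNS:foreman.example.test"
make_sample_cert "$demo_dir/no_san.pem" ""

for cert in "$demo_dir/with_san.pem" "$demo_dir/no_san.pem"; do
    if cert_has_alt_name "$cert" foreman.example.test; then
        echo "$cert: foreman.example.test present"
    else
        echo "$cert: foreman.example.test MISSING"
    fi
done
```

The second certificate reproduces the symptom reported here: the common name is set, but no alternate names were written into the certificate.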
#2 Updated by Ewoud Kohl van Wijngaarden about 4 years ago
I recall there being something like --allow-dns-alt-names to explicitly allow it, but even though I added the options to the modules I never got around to fully automating it. The vagrant files would be helpful and if you could mention the puppet version used that would also help.
#3 Updated by Benjamin Papillon about 4 years ago
The option --allow-dns-alt-names is useful for signing the certificate requests with the dns_alt option and on the client side.
It is not supported with the puppet cert -g command.
I'm using Puppet from PuppetLabs repositories, currently 3.7.4.
Here are my vagrant file and provisioning scripts