is creating a correct config able to generate the CSR, but ends up with:
Info: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[testcert]/X509_request[/etc/ssl/certs/testcert.csr]: Scheduling refresh of X509_cert[/etc/ssl/certs/testcert.crt]
Error: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/testcert.csr -out /etc/ssl/certs/testcert.crt -extfile /etc/ssl/certs/testcert.cnf -extensions v3_req' returned 1: We need a private key to sign with
Error: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[testcert]/X509_cert[/etc/ssl/certs/testcert.crt]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/testcert.csr -out /etc/ssl/certs/testcert.crt -extfile /etc/ssl/certs/testcert.cnf -extensions v3_req' returned 1: We need a private key to sign with
Error: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[testcert]/X509_cert[/etc/ssl/certs/testcert.crt]: Failed to call refresh: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/testcert.csr -out /etc/ssl/certs/testcert.crt -extfile /etc/ssl/certs/testcert.cnf -extensions v3_req' returned 1: We need a private key to sign with
Error: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[testcert]/X509_cert[/etc/ssl/certs/testcert.crt]: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/testcert.csr -out /etc/ssl/certs/testcert.crt -extfile /etc/ssl/certs/testcert.cnf -extensions v3_req' returned 1: We need a private key to sign with
Which is failing due to a missing reference to the keyfile in the command line.
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g. Puppet code you use)
Using the following snippet:
What are you seeing
Puppet agent is failing with:
Which is caused by a faulty config file:
The config template obviously failed to detect extkeyusage and altnames being empty.
What behaviour did you expect instead
With 2.0.1 this was running flawlessly, creating the CSR and self-signed CRT.
Any additional information you'd like to impart
Adding values to the failed parameters:
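To confirm the `openssl x509 -req` failure quoted in this report outside of Puppet, the following added example (not part of the original report and not the module's code) runs the same command shape against throwaway files, once without a key and once with `-signkey`. The temporary paths, the subject and the contents of the extension file are constructed sample values; `-signkey` is assumed here as the way to name the key for a self-signed certificate.

```shell
#!/bin/sh
# Added example: reproduce the signing step with throwaway files (all values constructed).
# Sets SIGN_NOKEY, SIGN_WITHKEY (openssl exit codes) and PUBKEY_MATCH (yes/no).
selfsign_demo() {
    dir=$(mktemp -d) || return 2
    key="$dir/testcert.key"; csr="$dir/testcert.csr"
    crt="$dir/testcert.crt"; cnf="$dir/testcert.cnf"

    # Constructed extension file with a non-empty v3_req section.
    printf '[v3_req]\nsubjectAltName = DNS:testcert.example.test\n' > "$cnf"

    # Throwaway key and CSR.
    if ! openssl req -new -newkey rsa:2048 -nodes -keyout "$key" -out "$csr" \
            -subj "/CN=testcert.example.test" </dev/null >/dev/null 2>&1; then
        rm -rf "$dir"; return 2
    fi

    # Same shape as the command in the error output: no key is named.
    if openssl x509 -req -days 365 -in "$csr" -out "$crt" \
            -extfile "$cnf" -extensions v3_req </dev/null >/dev/null 2>&1; then
        SIGN_NOKEY=0
    else
        SIGN_NOKEY=$?
    fi

    # Same command with the private key supplied for self-signing.
    if openssl x509 -req -days 365 -in "$csr" -signkey "$key" -out "$crt" \
            -extfile "$cnf" -extensions v3_req </dev/null >/dev/null 2>&1; then
        SIGN_WITHKEY=0
    else
        SIGN_WITHKEY=$?
    fi

    # The issued certificate must carry the public half of the key that signed it.
    PUBKEY_MATCH=no
    if [ "$SIGN_WITHKEY" -eq 0 ] &&
       [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" = \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        PUBKEY_MATCH=yes
    fi

    rm -rf "$dir"
    return 0
}

selfsign_demo && echo "no key: exit $SIGN_NOKEY; -signkey: exit $SIGN_WITHKEY; pubkey match: $PUBKEY_MATCH"
```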