[chef] Chef12 pivotal certificate


Chronological Thread 
  • From: Andrew Brown < >
  • To: Chef Mailing List < >
  • Subject: [chef] Chef12 pivotal certificate
  • Date: Fri, 3 Oct 2014 15:57:26 +0000
  • Accept-language: en-US, en-CA

Ohai Chefs!

I’m exploring a way to self-generate the /etc/opscode secrets with Chef12, and noticed that the pivotal user’s certificate has a CN with a format “URI:http://opscode.com/GUIDS/#{UUID}” where UUID is a 36 character string.
This CN turns out to be 65 characters, which is 1 more than the 64 character limit imposed by OpenSSL.

OpenSSL gives an error message similar to the following:
string is too long, it needs to be less than  64 bytes long
problems making Certificate Request

While I’m sure this isn’t a problem in practice (I can put anything in the CN, after all), I wanted to bring it to your attention.

Cheers,
Andrew


  • [chef] Chef12 pivotal certificate, Andrew Brown, 10/03/2014

Archive powered by MHonArc 2.6.16.

§