I just recently spun up a new host using an old hostname, and when managing
the certificates, I noticed that the newly generated cert was listed as
sha256, while all of my earlier certs were listed as sha1. I guess this is
a new default or something, and I like better security, so I'd like all of
my hosts to use sha256. Is there any shortcut to regenerating all the
certs, or do I have to clean them off of each host and the master, then
regenerate them one by one?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ORrjjsSZezEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

  • Jcbollinger at Dec 10, 2012 at 2:29 pm

    On Friday, December 7, 2012 7:28:27 PM UTC-6, Ellison Marks wrote:
    > I just recently spun up a new host using an old hostname, and when
    > managing the certificates, I noticed that the newly generated cert was
    > listed as sha256, while all of my earlier certs were listed as sha1. I
    > guess this is a new default or something, and I like better security, so
    > I'd like all of my hosts to use sha256. Is there any shortcut to
    > regenerating all the certs, or do I have to clean them off of each host and
    > the master, then regenerate them one by one?

    You would need to clean them all off and generate new ones. Really,
    though, I think there is very little advantage to doing so. It is true
    that SHA-256 is a stronger hash than SHA-1, but that doesn't mean
    cryptographic certificates using SHA-1 are unacceptably weak.

    If that's an issue that you need to settle reliably, however, then you
    should consult a security professional who is familiar with your
    infrastructure and requirements.


    John

Discussion Overview
group: puppet-users
category: puppet
posted: Dec 8, '12 at 1:28a
active: Dec 10, '12 at 2:29p
posts: 2
users: 2
website: puppetlabs.com