Puppet master (3.6.2) error on signing puppet client (2.7.25)


I was hoping someone might have an answer for this:

While upgrading overall from CentOS 6 to CentOS 7 I'm handling the upgrade for puppet's version. Our new puppet server's version is 3.6.2 and I'd like it to work with the somewhat older puppet clients whose version is 2.7.25.

This is the problem I'm running into:

puppet cert --list --all

+"XXX.YYY.com"   (MD5) 7C:0D:73:12:D6:53:62:94:12:DF:0F:1E:4E:DC:C5:34

+"puppet.polldev.com"    (SHA256) 74:8D:84:3F:B4:FC:F6:5A:12:22:B0:63:2A:44:15:93:FB:47:E2:70:AA:F7:AF:B4:E8:62:D8:84:3B:CC:77:10

Then when I try to sign:

puppet cert sign XXX.YYY.com

Warning: Sections other than main, master, agent, user are deprecated in puppet.conf. Please use the directory environments feature to specify environments. (See http://docs.puppetlabs.com/puppet/latest/reference/environments.html)
(at /usr/share/ruby/vendor_ruby/puppet/settings/config_file.rb:77:in `collect')

Error: unknown message digest algorithm

Are there any workarounds or solutions for this which don't involve setting up an external CA or using 3.x clients as well?

Thanks, I'd appreciate any help on this if anyone has any ideas.

Best Answer

I had the same problem. You have to update your puppet clients:

https://tickets.puppetlabs.com/browse/PUP-3176