summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/puppet/network/client/ca.rb9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/puppet/network/client/ca.rb b/lib/puppet/network/client/ca.rb
index 50d761ccf..412c9c59f 100644
--- a/lib/puppet/network/client/ca.rb
+++ b/lib/puppet/network/client/ca.rb
@@ -34,8 +34,6 @@ class Puppet::Network::Client::CA < Puppet::Network::Client
if cert.nil? or cert == ""
return nil
end
- Puppet.config.write(:hostcert) do |f| f.print cert end
- Puppet.config.write(:localcacert) do |f| f.print cacert end
begin
@cert = OpenSSL::X509::Certificate.new(cert)
@@ -47,8 +45,13 @@ class Puppet::Network::Client::CA < Puppet::Network::Client
end
unless @cert.check_private_key(key)
- raise InvalidCertificate, "Certificate does not match private key"
+ raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Facter.value(:fqdn)
end
+
+ # Only write the cert out if it passes validating.
+ Puppet.config.write(:hostcert) do |f| f.print cert end
+ Puppet.config.write(:localcacert) do |f| f.print cacert end
+
return @cert
end
end
generated by cgit (git 2.34.1) at 2026-01-06 08:22:08 +0000