Hello, I am trying to configure a new puppet server on Debian Squeeze, so the server version will be 2.6.2-4. I am trying to configure a client running Lenny, the puppet version is 0.25.4-2 I declare the new client with the command : #puppetd --server puppet.domain.tld --waitforcert 60 --test on the server : #puppetca --sign client.domain.tld When the client finish to execute the first command I have the following output : ***** info: Caching certificate for host.domain.tld info: Retrieving plugin info: Caching certificate_revocation_list for ca err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet://puppet.domain.tld/plugins info: Caching catalog for host.domain.tld info: Applying configuration version ''1299765672'' info: Creating state file /var/lib/puppet/state/state.yaml notice: Finished catalog run in 0.01 seconds ***** Then if I run on the client : # puppetd -vt I get a certificate error : ***** info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run **** I read some post about such error, date is sync between the server and client (using the same ntp server). Any help appreciated ! Hugo -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Luigi Martin Petrella
2013-Feb-11 16:12 UTC
[Puppet Users] Re: Puppet Certificate verify failed
I have the same issue right now trying to connect a puppet master on CENTOS 6 and an agent on Red Hat 4. Did you finally found a solution?? Il giorno giovedì 10 marzo 2011 15:18:10 UTC+1, Romgo ha scritto:> > Hello, > > I am trying to configure a new puppet server on Debian Squeeze, so the > server version will be 2.6.2-4. > I am trying to configure a client running Lenny, the puppet version is > 0.25.4-2 > > I declare the new client with the command : > > #puppetd --server puppet.domain.tld --waitforcert 60 --test > > on the server : > > #puppetca --sign client.domain.tld > > > When the client finish to execute the first command I have the following > output : > > > ***** > info: Caching certificate for host.domain.tld > info: Retrieving plugin > info: Caching certificate_revocation_list for ca > err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of > resource: Could not retrieve information from source(s) > puppet://puppet.domain.tld/plugins > info: Caching catalog for host.domain.tld > info: Applying configuration version ''1299765672'' > info: Creating state file /var/lib/puppet/state/state.yaml > notice: Finished catalog run in 0.01 seconds > ***** > > Then if I run on the client : > > # puppetd -vt > > I get a certificate error : > > ***** > info: Retrieving plugin > err: /File[/var/lib/puppet/lib]: Failed to generate additional resources > using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read > server certificate B: certificate verify failed > err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of > resource: SSL_connect returned=1 errno=0 state=SSLv3 read server > certificate B: certificate verify failed Could not retrieve file metadata > for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed > err: Could not retrieve catalog from remote server: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > **** > > I read some post about such error, date is sync between the server and > client (using the same ntp server). > > Any help appreciated ! > > Hugo >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
joel.merrick@gmail.com
2013-Feb-11 17:14 UTC
Re: [Puppet Users] Re: Puppet Certificate verify failed
Yes, use a hostname that exists? puppet.domain.tld is just an example FQDN. Point it at the hostname of your puppet master. On Mon, Feb 11, 2013 at 4:12 PM, Luigi Martin Petrella < luigimartin.way@gmail.com> wrote:> I have the same issue right now trying to connect a puppet master on > CENTOS 6 and an agent on Red Hat 4. > Did you finally found a solution?? > > > > Il giorno giovedì 10 marzo 2011 15:18:10 UTC+1, Romgo ha scritto: > >> Hello, >> >> I am trying to configure a new puppet server on Debian Squeeze, so the >> server version will be 2.6.2-4. >> I am trying to configure a client running Lenny, the puppet version is >> 0.25.4-2 >> >> I declare the new client with the command : >> >> #puppetd --server puppet.domain.tld --waitforcert 60 --test >> >> on the server : >> >> #puppetca --sign client.domain.tld >> >> >> When the client finish to execute the first command I have the following >> output : >> >> >> ***** >> info: Caching certificate for host.domain.tld >> info: Retrieving plugin >> info: Caching certificate_revocation_list for ca >> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of >> resource: Could not retrieve information from source(s) >> puppet://puppet.domain.tld/**plugins >> info: Caching catalog for host.domain.tld >> info: Applying configuration version ''1299765672'' >> info: Creating state file /var/lib/puppet/state/state.**yaml >> notice: Finished catalog run in 0.01 seconds >> ***** >> >> Then if I run on the client : >> >> # puppetd -vt >> >> I get a certificate error : >> >> ***** >> info: Retrieving plugin >> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources >> using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read >> server certificate B: certificate verify failed >> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of >> resource: SSL_connect returned=1 errno=0 state=SSLv3 read server >> certificate B: certificate verify failed Could not retrieve file metadata >> for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 >> read server certificate B: certificate verify failed >> err: Could not retrieve catalog from remote server: SSL_connect >> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >> verify failed >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run >> >> **** >> >> I read some post about such error, date is sync between the server and >> client (using the same ntp server). >> >> Any help appreciated ! >> >> Hugo >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > >-- $ echo "kpfmAdpoofdufevq/dp/vl" | perl -pe ''s/(.)/chr(ord($1)-1)/ge'' -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Apparently Analagous Threads
- SSL issues - certificate verify failed
- certificate verify failed
- HELP!!! puppet-enterprise-3.1.0-el-6-i386 master/agent test fails
- err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
- Unable to generate certificate on Puppet Agent through Master