i thought i would run up a fedora 8 installation and take a look around, my default kickstart installation includes puppet which shouldn''t be a problem however the puppet client fails with Certificates were not trusted: hostname was not match with the server certificate The cause is obvious, the hostname of my puppetmaster is ''puppet1.mydomain.com'' and clients access it via a DNS cname, ''puppet.mydomain.com''. So the certificate cannot be verified as the names do not match. The solution is not obvious, all other non-fedora 8 clients access the puppetmaster via the same cname and do not report this problem. If i pass ''--server puppet1.mydomain.com'' to puppetd it works but that is not what i want. Any ideas why f8 is being a pain? puppet-0.23.2-1.fc8 ruby-1.8.6.111-1.fc8 facter-1.3.8-1.fc8 openssl-0.9.8b-17.fc8 Ben
It''s more than Fedora 8. There was a lengthy discussion last week. What I personally did is to define the puppetmaster with it''s proper hostname instead of cheating with ''puppet'' in /etc/hosts Tim -----Original Message----- From: puppet-users-bounces@madstop.com [mailto:puppet-users-bounces@madstop.com] On Behalf Of Ben Sent: Monday, November 19, 2007 6:07 PM To: Puppet User Discussion Subject: [Puppet-users] puppet on fedora 8... i thought i would run up a fedora 8 installation and take a look around, my default kickstart installation includes puppet which shouldn''t be a problem however the puppet client fails with Certificates were not trusted: hostname was not match with the server certificate The cause is obvious, the hostname of my puppetmaster is ''puppet1.mydomain.com'' and clients access it via a DNS cname, ''puppet.mydomain.com''. So the certificate cannot be verified as the names do not match. The solution is not obvious, all other non-fedora 8 clients access the puppetmaster via the same cname and do not report this problem. If i pass ''--server puppet1.mydomain.com'' to puppetd it works but that is not what i want. Any ideas why f8 is being a pain? puppet-0.23.2-1.fc8 ruby-1.8.6.111-1.fc8 facter-1.3.8-1.fc8 openssl-0.9.8b-17.fc8 Ben _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
On Tue, Nov 20, 2007 at 10:07:27AM +1100, Ben wrote:> i thought i would run up a fedora 8 installation and take a look around, > my default kickstart installation includes puppet which shouldn''t be a > problem however the puppet client fails with > > Certificates were not trusted: hostname was not match with the > server certificatehttp://reductivelabs.com/trac/puppet/ticket/896 - Matt -- And Jesus said unto them, "And whom do you say that I am?" They replied, "You are the eschatological manifestation of the ground of our being, the ontological foundation of the context of our very selfhood revealed." And Jesus replied, "What?" -- Seen on the ''net
Tim.Metz@cox.com wrote:> It''s more than Fedora 8. There was a lengthy discussion last week. >Thanks Tim. My bad for not looking harder, just found the closed ticket #896 which will hopefully be in the upcoming release. Ben
--On Tuesday, November 20, 2007 10:30 AM +1100 Matt Palmer <matt@solutionsfirst.com.au> wrote:>> i thought i would run up a fedora 8 installation and take a look around, >> my default kickstart installation includes puppet which shouldn''t be a >> problem however the puppet client fails with >> >> Certificates were not trusted: hostname was not match with the >> server certificate > > http://reductivelabs.com/trac/puppet/ticket/896 > > - MattThis doesn''t seem to have fixed my problem, however. I''ve applied those patches and created a new cert for both my puppetmaster and my test server but the test server still complains. I''m wondering if it is because of my puppetca.