i thought i would run up a fedora 8 installation and take a look around,
my default kickstart installation includes puppet which shouldn''t be a
problem however the puppet client fails with
Certificates were not trusted: hostname was not match with the
server certificate
The cause is obvious, the hostname of my puppetmaster is
''puppet1.mydomain.com'' and clients access it via a DNS cname,
''puppet.mydomain.com''. So the certificate cannot be verified
as the
names do not match.
The solution is not obvious, all other non-fedora 8 clients access the
puppetmaster via the same cname and do not report this problem. If i
pass ''--server puppet1.mydomain.com'' to puppetd it works but
that is not
what i want.
Any ideas why f8 is being a pain?
puppet-0.23.2-1.fc8
ruby-1.8.6.111-1.fc8
facter-1.3.8-1.fc8
openssl-0.9.8b-17.fc8
Ben
It''s more than Fedora 8. There was a lengthy discussion last week. What
I personally did is to define the puppetmaster with it''s proper
hostname
instead of cheating with ''puppet'' in /etc/hosts
Tim
-----Original Message-----
From: puppet-users-bounces@madstop.com
[mailto:puppet-users-bounces@madstop.com] On Behalf Of Ben
Sent: Monday, November 19, 2007 6:07 PM
To: Puppet User Discussion
Subject: [Puppet-users] puppet on fedora 8...
i thought i would run up a fedora 8 installation and take a look around,
my default kickstart installation includes puppet which shouldn''t be a
problem however the puppet client fails with
Certificates were not trusted: hostname was not match with the
server certificate
The cause is obvious, the hostname of my puppetmaster is
''puppet1.mydomain.com'' and clients access it via a DNS cname,
''puppet.mydomain.com''. So the certificate cannot be verified
as the
names do not match.
The solution is not obvious, all other non-fedora 8 clients access the
puppetmaster via the same cname and do not report this problem. If i
pass ''--server puppet1.mydomain.com'' to puppetd it works but
that is not
what i want.
Any ideas why f8 is being a pain?
puppet-0.23.2-1.fc8
ruby-1.8.6.111-1.fc8
facter-1.3.8-1.fc8
openssl-0.9.8b-17.fc8
Ben
_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users
On Tue, Nov 20, 2007 at 10:07:27AM +1100, Ben wrote:> i thought i would run up a fedora 8 installation and take a look around, > my default kickstart installation includes puppet which shouldn''t be a > problem however the puppet client fails with > > Certificates were not trusted: hostname was not match with the > server certificatehttp://reductivelabs.com/trac/puppet/ticket/896 - Matt -- And Jesus said unto them, "And whom do you say that I am?" They replied, "You are the eschatological manifestation of the ground of our being, the ontological foundation of the context of our very selfhood revealed." And Jesus replied, "What?" -- Seen on the ''net
Tim.Metz@cox.com wrote:> It''s more than Fedora 8. There was a lengthy discussion last week. >Thanks Tim. My bad for not looking harder, just found the closed ticket #896 which will hopefully be in the upcoming release. Ben
--On Tuesday, November 20, 2007 10:30 AM +1100 Matt Palmer <matt@solutionsfirst.com.au> wrote:>> i thought i would run up a fedora 8 installation and take a look around, >> my default kickstart installation includes puppet which shouldn''t be a >> problem however the puppet client fails with >> >> Certificates were not trusted: hostname was not match with the >> server certificate > > http://reductivelabs.com/trac/puppet/ticket/896 > > - MattThis doesn''t seem to have fixed my problem, however. I''ve applied those patches and created a new cert for both my puppetmaster and my test server but the test server still complains. I''m wondering if it is because of my puppetca.