I'm not sure if I got your exact problem, but one of your assumptions is
wrong.
The certs/ca.pem on the client needs to include the puppetmaster (middle
level) and the root puppet master (puppeteer) ca/ca_crt.pem files.
The certificates themselves are OK; it's the client who thinks the middle
puppet master is not trusted.
Ohad
On Wed, Jun 4, 2008 at 1:45 PM, RijilV <rijilv@gmail.com> wrote:
>
> hey all, trying to get SSL cert delegation working based on
> http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of
> the commands run without any problems, however I'm still not getting
> it to work. One perplexing thing is openssl reports the cert is okay.
>
>
> # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem
> /var/lib/puppet/ssl/certs/test1.localdomain.pem
> /var/lib/puppet/ssl/certs/test1.localdomain.pem: OK
> # puppetd --test
> notice: Ignoring cache
> err: Could not retrieve catalog: Certificates were not trusted: tlsv1
> alert unknown ca
> warning: Not using cache on failed catalog
>
>
> /var/lib/puppet/ssl/certs/ca.pem on the client is exactly the same
> content as /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetmaster. The
> client cert was generated on the root puppet CA. The root puppet CA
> is the one that signed the local puppet server's cert. Am I correct
> in expecting that to work?
>
> Thanks in advance,
>
> .r'
>
>
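Why a CA bundle holding only one of the two CA certificates is rejected, as an added example that is not part of the original thread: the script builds a throwaway root CA, a middle CA signed by it, and a server certificate signed by the middle CA, then runs `openssl verify` against three bundles. All names, files and the exact hierarchy are constructed assumptions for the demo, not Puppet's own layout.

```shell
#!/bin/sh
# Added example: every name and file below is constructed for the demo.
build_demo_pki() {   # $1 = empty working directory
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    for n in root mid server; do   # one key + CSR per certificate
        openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
            -subj "/CN=demo-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root; root signs the middle CA; middle CA signs the server cert.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
        -extfile "$d/demo.cnf" -extensions v3_ca -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/mid.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 1 -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/mid.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/mid.pem" -CAkey "$d/mid.key" \
        -set_serial 3 -days 1 -extfile "$d/demo.cnf" -extensions v3_leaf \
        -out "$d/server.pem" 2>/dev/null &&
    # The bundle a client needs: middle CA and root CA concatenated.
    cat "$d/mid.pem" "$d/root.pem" > "$d/both.pem"
}

# chain_ok BUNDLE CERT: true only if openssl prints "CERT: OK" for that bundle.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

DEMO_DIR=$(mktemp -d) && build_demo_pki "$DEMO_DIR" || exit 1
for bundle in root.pem mid.pem both.pem; do
    if chain_ok "$DEMO_DIR/$bundle" "$DEMO_DIR/server.pem"; then r=trusted; else r="NOT trusted"; fi
    echo "ca bundle $bundle -> server cert $r"
done
```

Running `grep -c 'BEGIN CERTIFICATE'` on a client's ca.pem is a quick way to see whether it holds one CA certificate or the whole chain.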