The problem was solved when we moved to an Apache+mongrel setup from the initial webrick setup. Seems that webrick doesn't handle the SSL certs correctly enough to get this type of setup working.

.r'

2008/6/3 RijilV <rijilv@gmail.com>:
> hey all, trying to get SSL cert delegation working based on
> http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of
> the commands run without any problems, however I'm still not getting
> it to work. One perplexing thing is openssl reports the cert is okay.
>
> # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/test1.localdomain.pem
> /var/lib/puppet/ssl/certs/test1.localdomain.pem: OK
> # puppetd --test
> notice: Ignoring cache
> err: Could not retrieve catalog: Certificates were not trusted: tlsv1 alert unknown ca
> warning: Not using cache on failed catalog
>
> /var/lib/puppet/ssl/certs/ca.pem on the client is exactly the same
> content as /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetmaster. The
> client cert was generated on the root puppet CA. The root puppet CA
> is the one that signed the local puppet server's cert. Am I correct
> in expecting that to work?
>
> Thanks in advance,
>
> .r'
Ohad Levy
2008-Jun-09 01:34 UTC
[Puppet Users] Re: SOLVED: Re: SSL delegation difficulties
Oh yeah.. maybe that should be more visible in the wiki page :)

On Mon, Jun 9, 2008 at 1:03 AM, RijilV <rijilv@gmail.com> wrote:
> The problem was solved when we moved to an Apache+mongrel setup from
> the initial webrick setup. Seems that webrick doesn't handle the SSL
> certs correctly enough to get this type of setup working.
>
> .r'
>
> 2008/6/3 RijilV <rijilv@gmail.com>:
> > hey all, trying to get SSL cert delegation working based on
> > http://reductivelabs.com/trac/puppet/wiki/PuppetScalability. All of
> > the commands run without any problems, however I'm still not getting
> > it to work. One perplexing thing is openssl reports the cert is okay.
> >
> > # openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/test1.localdomain.pem
> > /var/lib/puppet/ssl/certs/test1.localdomain.pem: OK
> > # puppetd --test
> > notice: Ignoring cache
> > err: Could not retrieve catalog: Certificates were not trusted: tlsv1 alert unknown ca
> > warning: Not using cache on failed catalog
> >
> > /var/lib/puppet/ssl/certs/ca.pem on the client is exactly the same
> > content as /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetmaster. The
> > client cert was generated on the root puppet CA. The root puppet CA
> > is the one that signed the local puppet server's cert. Am I correct
> > in expecting that to work?
> >
> > Thanks in advance,
> >
> > .r'