Hello, When I started using puppetmaster for the first time, it automatically generated a certificate with what it guessed should be the hostnames of the server. However, in my case it got guessed wrongly. I need to be able to refer to the hostname using puppet.otherdomain.com.au instead of puppet.mydomain.com.au. If the client tries to connect to puppet.otherdomain.com.au it (correctly) gets an error that the hostname doesn''t match in the certificate. How do I rectify this? Thanks. Brian may --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Brian May wrote:> Hello, > > When I started using puppetmaster for the first time, it automatically > generated a certificate with what it guessed should be the hostnames of > the server. > > However, in my case it got guessed wrongly. I need to be able to refer > to the hostname using puppet.otherdomain.com.au instead of > puppet.mydomain.com.au. > > If the client tries to connect to puppet.otherdomain.com.au it > (correctly) gets an error that the hostname doesn''t match in the > certificate. > > How do I rectify this? > >certname --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
AJ wrote:> Brian May wrote: >> Hello, >> >> When I started using puppetmaster for the first time, it automatically >> generated a certificate with what it guessed should be the hostnames of >> the server. >> >> However, in my case it got guessed wrongly. I need to be able to refer >> to the hostname using puppet.otherdomain.com.au instead of >> puppet.mydomain.com.au. >> >> If the client tries to connect to puppet.otherdomain.com.au it >> (correctly) gets an error that the hostname doesn''t match in the >> certificate. >> >> How do I rectify this? >> >> > > certnameI am having very similar issues. Note that we do not run a DNS server for the internal machines (on the RFC1918 addresses) so all naming is done in /etc/hosts On our puppet server I have: root@puppet1:/etc/puppet# hostname -f puppet1.internal which is what it should be. However, when I generate the certificates for puppet I get rubbish like: /etc/puppet/ssl/certs/puppet1..pem and, of course, puppet doesn''t work properly. I tried setting certname=puppet1.internal in the puppetd.conf and puppet.conf files as I imagine thats what is being referred to, cleaned the ssl out and started again and this makes no difference. However, when I pad out the internal ''domain'' to something that ''looks'' more like a real domain then the certificates are ok. In fact, it doesn''t matter how badly they match a ''real'' domain; I used .foo.bar.baz and it made the files called puppet1.foo.bar.baz.pem So, why shouldn''t I be able to use just .internal? foo.bar works... is the problem that it *needs* at least 2 pieces for the domain component? Is there something wrong with using just one? Is this a bug or a feature that I just don''t understand? Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Tue, Jun 10, 2008 at 5:52 PM, Steve Wray <steve.wray@cwa.co.nz> wrote:> > AJ wrote: >> Brian May wrote: >>> Hello, >>> >>> When I started using puppetmaster for the first time, it automatically >>> generated a certificate with what it guessed should be the hostnames of >>> the server. >>> >>> However, in my case it got guessed wrongly. I need to be able to refer >>> to the hostname using puppet.otherdomain.com.au instead of >>> puppet.mydomain.com.au. >>> >>> If the client tries to connect to puppet.otherdomain.com.au it >>> (correctly) gets an error that the hostname doesn''t match in the >>> certificate. >>> >>> How do I rectify this? >>> >>> >> >> certname> > > I am having very similar issues. > > Note that we do not run a DNS server for the internal machines (on the > RFC1918 addresses) so all naming is done in /etc/hosts > > On our puppet server I have: > > root@puppet1:/etc/puppet# hostname -f > puppet1.internal > > which is what it should be. > > However, when I generate the certificates for puppet I get rubbish like: > > /etc/puppet/ssl/certs/puppet1..pem > > and, of course, puppet doesn''t work properly. > > > I tried setting certname=puppet1.internal in the puppetd.conf and > puppet.conf files as I imagine thats what is being referred to, cleaned > the ssl out and started again and this makes no difference. > > However, when I pad out the internal ''domain'' to something that ''looks'' > more like a real domain then the certificates are ok. > > In fact, it doesn''t matter how badly they match a ''real'' domain; I used > .foo.bar.baz and it made the files called puppet1.foo.bar.baz.pem > > So, why shouldn''t I be able to use just .internal? foo.bar works... is > the problem that it *needs* at least 2 pieces for the domain component? > Is there something wrong with using just one? > > Is this a bug or a feature that I just don''t understand?In contrast we use ''ourname''.internal without any problems. --Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---