sprock
2008-Nov-19 20:25 UTC
[Puppet Users] Could not request certificate: Certificate does not match private key
hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not receive certificate notice: Set to run ''one time''; exiting with no certificate Server: puppetca --generate client.here.there Generating certificate for client.here.there Client: puppetd --waitforcert 60 --test warning: peer certificate won''t be verified in this SSL session err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run ''puppetca --clean moonstone.esd.mun.ca''. Server: puppetca --list client.here.there server puppet # puppetca --sign client.here.there Signed client.here.there Client: puppetd --waitforcert 60 --test warning: peer certificate won''t be verified in this SSL session err: Could not request certificate: Certificate does not match private key. Try ''puppetca --clean client.here.there'' on the server. I''ve tried doing as suggested (several times) but the error persists. Thanks for any help. Roger --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
AJ Christensen
2008-Nov-20 03:13 UTC
[Puppet Users] Re: Could not request certificate: Certificate does not match private key
Make --server (client) match --certname (master) Regards, AJ 2008/11/20 sprock <rmason@mun.ca>> > hello, > > I''ve just added a new client to an existing configuration but cannot > get it recognised. Both client and server are running 0.24.5, > installed on gentoo linux using portage. > > This is what I dis: > > Server: > /etc/init.d/puppetmaster start > * Starting > puppetmaster ... > [ ok ] > > Client: > > puppetd --test > warning: peer certificate won''t be verified in this SSL session > notice: Did not receive certificate > notice: Set to run ''one time''; exiting with no certificate > > Server: > > puppetca --generate client.here.there > Generating certificate for client.here.there > > Client: > puppetd --waitforcert 60 --test > warning: peer certificate won''t be verified in this SSL session > err: Could not request certificate: Certificate retrieval failed: > Certificate request does not match existing certificate; run ''puppetca > --clean moonstone.esd.mun.ca''. > > Server: > > puppetca --list > client.here.there > server puppet # puppetca --sign client.here.there > Signed client.here.there > > Client: > > puppetd --waitforcert 60 --test > warning: peer certificate won''t be verified in this SSL session > err: Could not request certificate: Certificate does not match private > key. Try ''puppetca --clean client.here.there'' on the server. > > I''ve tried doing as suggested (several times) but the error persists. > > Thanks for any help. > > Roger > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
rmason@mun.ca
2008-Nov-21 10:11 UTC
[Puppet Users] Re: Could not request certificate: Certificate does not match private key
Hello, Thanks for responding. Quoting AJ Christensen <aj@junglist.gen.nz>:> Make --server (client) match --certname (master)I''m not certain what you are telling me.> > puppetca --generate client.here.there > > Generating certificate for client.here.there > > > > Client: > > puppetd --waitforcert 60 --test > > warning: peer certificate won''t be verified in this SSL session > > err: Could not request certificate: Certificate retrieval failed: > > Certificate request does not match existing certificate; run ''puppetca > > --clean moonstone.esd.mun.ca''.Are you refering to the name change from client.here.there to moonstone.esd.mun.ca? If so, that was an artefact of cutting and pasting to e-mail and trying to hide the names of the machines. Sorry to trouble you again. Cheers, Roger --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---