Having a problem with cert negotiation between client and server. client: CentOS 4.4 2.6.9 kernel ruby 1.8.1-7 puppet 0.24.8 Server: Debian 4 2.6.9 kernel ruby 1.8.7 0.24.8-1 Client: Launch puppetd with -w30 Server: puppetca --list shows client server. I puppetca --sign it. Then on the client, I get this: notice: Got signed certificate notice: Starting Puppet client version 0.24.8 debug: Loaded state in 0.03 seconds debug: Retrieved facts in 0.81 seconds debug: Retrieving catalog debug: Calling puppetmaster.getconfig warning: Certificate validation failed; consider using the certname configuration option err: Could not retrieve catalog: Certificates were not trusted: certificate verify failed I''ve checked the time on both servers. they are the same. I''ve checked the cert on both servers w/ openssl verify. they are good. Any ideas? Drew --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On May 19, 2009, at 8:07 PM, Drew Morone wrote:> Having a problem with cert negotiation between client and server. > > client: > CentOS 4.4 > 2.6.9 kernel > ruby 1.8.1-7 > puppet 0.24.8 > > > Server: > Debian 4 > 2.6.9 kernel > ruby 1.8.7 > 0.24.8-1 > > Client: > Launch puppetd with -w30 > > Server: > puppetca --list shows client server. I puppetca --sign it. > > Then on the client, I get this: > notice: Got signed certificate > notice: Starting Puppet client version 0.24.8 > debug: Loaded state in 0.03 seconds > debug: Retrieved facts in 0.81 seconds > debug: Retrieving catalog > debug: Calling puppetmaster.getconfig > warning: Certificate validation failed; consider using the certname > configuration option > err: Could not retrieve catalog: Certificates were not trusted: > certificate verify failed > > I''ve checked the time on both servers. they are the same. > I''ve checked the cert on both servers w/ openssl verify. they are > good. > > Any ideas?Which certificate did you check on the client, and how did you do it? It *might* be the fact that your client is using ruby 1.8.1, but I doubt it. -- Life isn''t fair. It''s just fairer than death, that''s all. -- William Goldman --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Did anyone find out what was causing this ? Thanks, Alex D. On May 20, 12:18 pm, Luke Kanies <l...@madstop.com> wrote:> On May 19, 2009, at 8:07 PM, Drew Morone wrote: > > > > > Having a problem with cert negotiation between client and server. > > > client: > > CentOS 4.4 > > 2.6.9 kernel > > ruby 1.8.1-7 > > puppet 0.24.8 > > > Server: > > Debian 4 > > 2.6.9 kernel > > ruby 1.8.7 > > 0.24.8-1 > > > Client: > > Launch puppetd with -w30 > > > Server: > > puppetca --list shows client server. I puppetca --sign it. > > > Then on the client, I get this: > > notice: Got signed certificate > > notice: Starting Puppet client version 0.24.8 > > debug: Loaded state in 0.03 seconds > > debug: Retrieved facts in 0.81 seconds > > debug: Retrieving catalog > > debug: Calling puppetmaster.getconfig > > warning: Certificate validation failed; consider using the certname > > configuration option > > err: Could not retrieve catalog: Certificates were not trusted: > > certificate verify failed > > > I''ve checked the time on both servers. they are the same. > > I''ve checked the cert on both servers w/ openssl verify. they are > > good. > > > Any ideas? > > Which certificate did you check on the client, and how did you do it? > > It *might* be the fact that your client is using ruby 1.8.1, but I > doubt it. > > -- > Life isn''t fair. It''s just fairer than death, that''s all. > -- William Goldman > --------------------------------------------------------------------- > Luke Kanies |http://reductivelabs.com|http://madstop.com--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Actually, the problem was solved once the hostnames are the same as the cert names. On May 20, 12:18 pm, Luke Kanies <l...@madstop.com> wrote:> On May 19, 2009, at 8:07 PM, Drew Morone wrote: > > > > > Having a problem with cert negotiation between client and server. > > > client: > > CentOS 4.4 > > 2.6.9 kernel > > ruby 1.8.1-7 > > puppet 0.24.8 > > > Server: > > Debian 4 > > 2.6.9 kernel > > ruby 1.8.7 > > 0.24.8-1 > > > Client: > > Launch puppetd with -w30 > > > Server: > > puppetca --list shows client server. I puppetca --sign it. > > > Then on the client, I get this: > > notice: Got signed certificate > > notice: Starting Puppet client version 0.24.8 > > debug: Loaded state in 0.03 seconds > > debug: Retrieved facts in 0.81 seconds > > debug: Retrieving catalog > > debug: Calling puppetmaster.getconfig > > warning: Certificate validation failed; consider using the certname > > configuration option > > err: Could not retrieve catalog: Certificates were not trusted: > > certificate verify failed > > > I''ve checked the time on both servers. they are the same. > > I''ve checked the cert on both servers w/ openssl verify. they are > > good. > > > Any ideas? > > Which certificate did you check on the client, and how did you do it? > > It *might* be the fact that your client is using ruby 1.8.1, but I > doubt it. > > -- > Life isn''t fair. It''s just fairer than death, that''s all. > -- William Goldman > --------------------------------------------------------------------- > Luke Kanies |http://reductivelabs.com|http://madstop.com--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---