Having a problem with cert negotiation between client and server.
client:
CentOS 4.4
2.6.9 kernel
ruby 1.8.1-7
puppet 0.24.8
Server:
Debian 4
2.6.9 kernel
ruby 1.8.7
0.24.8-1
Client:
Launch puppetd with -w30
Server:
puppetca --list shows client server. I puppetca --sign it.
Then on the client, I get this:
notice: Got signed certificate
notice: Starting Puppet client version 0.24.8
debug: Loaded state in 0.03 seconds
debug: Retrieved facts in 0.81 seconds
debug: Retrieving catalog
debug: Calling puppetmaster.getconfig
warning: Certificate validation failed; consider using the certname
configuration option
err: Could not retrieve catalog: Certificates were not trusted: certificate
verify failed
I''ve checked the time on both servers. they are the same.
I''ve checked the cert on both servers w/ openssl verify. they are good.
Any ideas?
Drew
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
On May 19, 2009, at 8:07 PM, Drew Morone wrote:> Having a problem with cert negotiation between client and server. > > client: > CentOS 4.4 > 2.6.9 kernel > ruby 1.8.1-7 > puppet 0.24.8 > > > Server: > Debian 4 > 2.6.9 kernel > ruby 1.8.7 > 0.24.8-1 > > Client: > Launch puppetd with -w30 > > Server: > puppetca --list shows client server. I puppetca --sign it. > > Then on the client, I get this: > notice: Got signed certificate > notice: Starting Puppet client version 0.24.8 > debug: Loaded state in 0.03 seconds > debug: Retrieved facts in 0.81 seconds > debug: Retrieving catalog > debug: Calling puppetmaster.getconfig > warning: Certificate validation failed; consider using the certname > configuration option > err: Could not retrieve catalog: Certificates were not trusted: > certificate verify failed > > I''ve checked the time on both servers. they are the same. > I''ve checked the cert on both servers w/ openssl verify. they are > good. > > Any ideas?Which certificate did you check on the client, and how did you do it? It *might* be the fact that your client is using ruby 1.8.1, but I doubt it. -- Life isn''t fair. It''s just fairer than death, that''s all. -- William Goldman --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Did anyone find out what was causing this ? Thanks, Alex D. On May 20, 12:18 pm, Luke Kanies <l...@madstop.com> wrote:> On May 19, 2009, at 8:07 PM, Drew Morone wrote: > > > > > Having a problem with cert negotiation between client and server. > > > client: > > CentOS 4.4 > > 2.6.9 kernel > > ruby 1.8.1-7 > > puppet 0.24.8 > > > Server: > > Debian 4 > > 2.6.9 kernel > > ruby 1.8.7 > > 0.24.8-1 > > > Client: > > Launch puppetd with -w30 > > > Server: > > puppetca --list shows client server. I puppetca --sign it. > > > Then on the client, I get this: > > notice: Got signed certificate > > notice: Starting Puppet client version 0.24.8 > > debug: Loaded state in 0.03 seconds > > debug: Retrieved facts in 0.81 seconds > > debug: Retrieving catalog > > debug: Calling puppetmaster.getconfig > > warning: Certificate validation failed; consider using the certname > > configuration option > > err: Could not retrieve catalog: Certificates were not trusted: > > certificate verify failed > > > I''ve checked the time on both servers. they are the same. > > I''ve checked the cert on both servers w/ openssl verify. they are > > good. > > > Any ideas? > > Which certificate did you check on the client, and how did you do it? > > It *might* be the fact that your client is using ruby 1.8.1, but I > doubt it. > > -- > Life isn''t fair. It''s just fairer than death, that''s all. > -- William Goldman > --------------------------------------------------------------------- > Luke Kanies |http://reductivelabs.com|http://madstop.com--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Actually, the problem was solved once the hostnames are the same as the cert names. On May 20, 12:18 pm, Luke Kanies <l...@madstop.com> wrote:> On May 19, 2009, at 8:07 PM, Drew Morone wrote: > > > > > Having a problem with cert negotiation between client and server. > > > client: > > CentOS 4.4 > > 2.6.9 kernel > > ruby 1.8.1-7 > > puppet 0.24.8 > > > Server: > > Debian 4 > > 2.6.9 kernel > > ruby 1.8.7 > > 0.24.8-1 > > > Client: > > Launch puppetd with -w30 > > > Server: > > puppetca --list shows client server. I puppetca --sign it. > > > Then on the client, I get this: > > notice: Got signed certificate > > notice: Starting Puppet client version 0.24.8 > > debug: Loaded state in 0.03 seconds > > debug: Retrieved facts in 0.81 seconds > > debug: Retrieving catalog > > debug: Calling puppetmaster.getconfig > > warning: Certificate validation failed; consider using the certname > > configuration option > > err: Could not retrieve catalog: Certificates were not trusted: > > certificate verify failed > > > I''ve checked the time on both servers. they are the same. > > I''ve checked the cert on both servers w/ openssl verify. they are > > good. > > > Any ideas? > > Which certificate did you check on the client, and how did you do it? > > It *might* be the fact that your client is using ruby 1.8.1, but I > doubt it. > > -- > Life isn''t fair. It''s just fairer than death, that''s all. > -- William Goldman > --------------------------------------------------------------------- > Luke Kanies |http://reductivelabs.com|http://madstop.com--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---