bluethundr
2010-Oct-07 03:36 UTC
[Puppet Users] hostname not match with the server certificate
Hello, For some reason my puppet client(s) cannot retrieve certs. On the server I run as per the wiki: [root@VIRTCENT13:/etc/yum.repos.d]#puppetca --list virtcent02.summitnjhome.com [root@VIRTCENT13:/etc/yum.repos.d]#puppetca --sign virtcent02.summitnjhome.com virtcent02.summitnjhome.com notice: Signed certificate request for virtcent02.summitnjhome.com [root@VIRTCENT13:/etc/yum.repos.d]# on the client I run and I get: [root@VIRTCENT02 ~]# puppetd --server puppet.summitnjhome.com -- waitforcert 60 --test info: Creating a new SSL key for virtcent02.summitnjhome.com err: Could not request certificate: No route to host - connect(2) warning: peer certificate won''t be verified in this SSL session info: Caching certificate for ca warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Creating a new SSL certificate request for virtcent02.summitnjhome.com warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Caching certificate for virtcent02.summitnjhome.com err: Could not retrieve catalog from remote server: hostname not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run my puppet client is: [root@VIRTCENT02 ~]# hostname -f virtcent02.summitnjhome.com my puppet server is: [root@VIRTCENT13:/etc/yum.repos.d]#hostname -f virtcent13.summitnjhome.com I''d appreciate any tips as to why the puppet client cannot receive it''s certificates. thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Sandor Szuecs
2010-Oct-10 10:16 UTC
Re: [Puppet Users] hostname not match with the server certificate
On Oct 7, 2010, at 5:36 AM, bluethundr wrote:> On the server I run as per the wiki: > > [root@VIRTCENT13:/etc/yum.repos.d]#puppetca --list > virtcent02.summitnjhome.com > [root@VIRTCENT13:/etc/yum.repos.d]#puppetca --sign > virtcent02.summitnjhome.com > virtcent02.summitnjhome.com > notice: Signed certificate request for virtcent02.summitnjhome.com > [root@VIRTCENT13:/etc/yum.repos.d]# > > > on the client I run and I get: > > [root@VIRTCENT02 ~]# puppetd --server puppet.summitnjhome.com -- > waitforcert 60 --testYou connect to puppet.summitnjhome.com, but the hostname is virtcent13.summitnjhome.com. If you have not generated a valid X509 Cert with the hostname you try to connect to it has to fail.> my puppet client is: > [root@VIRTCENT02 ~]# hostname -f > virtcent02.summitnjhome.com > > my puppet server is: > [root@VIRTCENT13:/etc/yum.repos.d]#hostname -f > virtcent13.summitnjhome.comAll the best, Sandor Szücs -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.