Hi,
Experiencing some issues with certs; I cannot see what I am doing
wrong. If anyone would look over this I would be appreciative.
I am running passenger and apache2.
*** LOCAL GEMS ***
daemon_controller (0.2.5)
facter (1.5.8)
fastthread (1.0.7)
file-tail (1.0.5)
passenger (2.2.11)
puppet (2.6.4)
rack (1.0.1)
rake (0.8.7)
spruz (0.2.2)
apache2 -v
Server version: Apache/2.2.14 (Ubuntu)
Server built: Nov 18 2010 21:20:56
root@puppetmaster:/etc/puppet# cat puppet.conf
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
root@puppetmaster:/etc/puppet# cat /etc/puppet/rack/
config.ru public/
root@puppetmaster:/etc/puppet# cat /etc/puppet/rack/config.ru
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.
# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')
$0 = "master"
# if you want debugging:
# ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/master'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:master].run
/etc/apache2/sites-available/puppetmasterd
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
NameVirtualHost puppet.server.com:8140
<VirtualHost puppet.server.com:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /etc/puppet/ssl/certs/puppetmaster.pem
SSLCertificateKeyFile /etc/puppet/ssl/private_keys/puppetmaster.pem
SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
After I run ->
puppetd --test --debug --server servername.com
This works to push me the cert to sign on the server. Once I sign it I
run this command again and get this error ->
warning: Certificate validation failed: considering using the certname
configuration option
err: Could not retrieve catalog: Certificates were not trusted:
Hostname was not match with server certificate.
warning: Not using cache on failed catalog.
I have gone through and deleted the /etc/puppet/ssl directory from the
server and attempted to regenerate the keys a few times. I also
removed the .puppet/ssl/ directory from the client side and tried to
regen the keys for it as well. No matter what I try I keep failing.
If I try to run puppetd from the server I get this error ->
err: Could not retrieve catalog from remote server: hostname was not
match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
Any tips?
Thanks
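
Added illustration, not part of the original post: the error text above is what Ruby's OpenSSL library reports when the name the client connected to is not among the names in the server certificate. The Ruby sketch below runs that same check (OpenSSL::SSL.verify_certificate_identity) against two throwaway certificates; the certificate CN and the SAN list are constructed assumptions that only borrow hostnames seen in the post.

```ruby
require 'openssl'

# Build a throwaway self-signed certificate. All names are constructed
# samples, not values taken from the poster's CA.
def sample_cert(cn, dns_names = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless dns_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    san = dns_names.map { |n| "DNS:#{n}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Names a certificate presents: subject CN plus any DNS subjectAltNames.
def cert_names(cert)
  cn = cert.subject.to_a.select { |oid, _| oid == 'CN' }.map { |_, v| v }
  san = cert.extensions.select { |e| e.oid == 'subjectAltName' }
            .flat_map { |e| e.value.split(/,\s*/) }
            .map { |v| v.sub(/\ADNS:/, '') }
  { cn: cn, san: san }
end

# Ruby's standard hostname-vs-certificate check (the one post_connection_check uses).
def name_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

CN_ONLY  = sample_cert('puppetmaster')                                   # constructed
WITH_SAN = sample_cert('puppetmaster', ['puppet', 'puppet.server.com'])  # constructed

if $PROGRAM_NAME == __FILE__
  [CN_ONLY, WITH_SAN].each do |cert|
    puts cert_names(cert).inspect
    %w[puppetmaster puppet.server.com servername.com].each do |host|
      puts format('  %-20s %s', host, name_matches?(cert, host) ? 'match' : 'MISMATCH')
    end
  end
end
```

Once a certificate carries any DNS subjectAltName, this check ignores the CN, so the second sample matches puppet.server.com but no longer matches puppetmaster.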