Hi, I have this problem: when I make a new request and sign the client''s certificate, then i get a "revoked certificate" error: err: Could not retrieve catalog from remote server: sslv3 alert certificate revoked I am using same version of puppet on master and clients, tried many times, dates are the same, and cleaned the "ssl" directory. Can someone help me? Thanks, Matteo -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Ohad Levy
2011-May-04 11:14 UTC
Re: [Puppet Users] Puppetmaster revokes just signed certificates
On Wed, May 4, 2011 at 2:09 PM, M C <mcsoftec@gmail.com> wrote:> Hi, > > I have this problem: when I make a new request and sign the client''s > certificate, then i get a "revoked certificate" error: > > err: Could not retrieve catalog from remote server: sslv3 alert certificate > revoked > > I am using same version of puppet on master and clients, tried many times, > dates are the same, and cleaned the "ssl" directory. > > Can someone help me? > > since puppet doesn''t always refresh the revocation list, and if you didsome funny changes to your ssl dir, you might end up using the same certificate serial. try removing all files with CRL on the server and client in thier ssl dir. (and if you use apache, restart it) Ohad -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
M C
2011-May-04 13:20 UTC
Re: [Puppet Users] Puppetmaster revokes just signed certificates
Thank you, it solved! Goodbye, Matteo 2011/5/4 Ohad Levy <ohadlevy@gmail.com>> > > On Wed, May 4, 2011 at 2:09 PM, M C <mcsoftec@gmail.com> wrote: > >> Hi, >> >> I have this problem: when I make a new request and sign the client''s >> certificate, then i get a "revoked certificate" error: >> >> err: Could not retrieve catalog from remote server: sslv3 alert >> certificate revoked >> >> I am using same version of puppet on master and clients, tried many times, >> dates are the same, and cleaned the "ssl" directory. >> >> Can someone help me? >> >> since puppet doesn''t always refresh the revocation list, and if you did > some funny changes to your ssl dir, you might end up using the same > certificate serial. > > try removing all files with CRL on the server and client in thier ssl dir. > (and if you use apache, restart it) > > Ohad > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Maybe Matching Threads
- revoking ssh-cert.pub with serial revokes also younger certs
- [Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
- Using Puppet's client certificates for Apache, SSLVerifyClient
- Certificates Revocation Lists and Apache...
- When running puppetd the cert goes straight up to revoked?