Puppet users - Aug 2011 - Certificate Verify Failed

I could use some help.  I am a newbie with puppet, and am trying to
learn it and use it here at the office.  I have created 2 CentOS 5.5
machines ( puppet.1on1.com - puppetmaster and puppetclient.1on1.com -
which will be the client that I control.)  When I attempt to connect
my client to the master, I get the following output:

# puppet agent --server=puppet.1on1.com --no-daemonize --verbose --
debug --trace
debug: Failed to load library ''selinux'' for feature
''selinux''
debug: Failed to load library ''shadow'' for feature
''libshadow''
debug: Failed to load library ''ldap'' for feature
''ldap''
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/run/agent.pid]: Autorequiring File[/var/
lib/puppet/run]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
lib/puppet]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
lib/puppet/state]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: Finishing transaction 167894360
debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppet/ssl]
debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
puppet/ssl]
debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
ssl]
debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/private_keys]
debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
Autorequiring File[/etc/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: Finishing transaction 174279260
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:97:in `rescue in http_request''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:81:in `http_request''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:76:in `block (2 levels) in <class:REST>''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/rest.rb:118:in `find''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/certificate/rest.rb:11:in `find''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
indirector/indirection.rb:188:in `find''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
host.rb:180:in `certificate''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
host.rb:263:in `wait_for_cert''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application/agent.rb:416:in `setup_host''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application/agent.rb:480:in `setup''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:305:in `block (2 levels) in run''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:411:in `hook''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:305:in `block in run''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:402:in `exit_on_fail''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
application.rb:305:in `run''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/util/
command_line.rb:69:in `execute''
/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/bin/puppet:4:in
`<top (required)>''
/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `load''
/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `<main>''
err: Could not request certificate: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed.
This is often because the time is out of sync on the server or client


In the /var/lib/puppet/log/maserhttp.log file I get the following
corresponding message:
[2011-08-26 12:41:42] ERROR OpenSSL::SSL::SSLError: SSL_accept
returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert
unknown ca
        /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
puppet/network/http/webrick.rb:44:in `accept''
        /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
puppet/network/http/webrick.rb:44:in `block (3 levels) in listen''
        /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
server.rb:183:in `call''
        /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
server.rb:183:in `block in start_thread''

I have verified that the times/date match on the two systems and they
are using the same ntp server.

I have run openssl against the certificate and get the following:

# openssl x509 -text -noout -in /etc/puppet/ssl/certs/puppet.
1on1.com.pem | grep -A2 Validity
        Validity
            Not Before: Aug 25 15:29:18 2011 GMT
            Not After : Aug 23 15:29:18 2016 GMT


I installed puppet using rvm and these steps:

rvm use 1.9.2-p290 --default
gem install facter --version ''1.6.0'' --no-ri --no-rdoc
gem install puppet --version ''2.7.3'' --no-ri --no-rdoc
rvm wrapper 1.9.2-p290@system --no-prefix puppet
rvm wrapper 1.9.2-p290@system --no-prefix puppetca
rvm wrapper 1.9.2-p290@system --no-prefix facter
rvm wrapper 1.9.2-p290@system --no-prefix puppetd
rvm wrapper 1.9.2-p290@system --no-prefix puppetdoc
rvm wrapper 1.9.2-p290@system --no-prefix puppetmasterd  # (on puppet.
1on1.com only)
rvm wrapper 1.9.2-p290@system --no-prefix puppetrun

mkdir -p /etc/puppet
mkdir -p /var/lib/puppet/ssl
mkdir -p /var/log/puppet
mkdir -p /var/run/puppet

I also added a startup script into /etc/init.d and used checkconfig
and server to setup and run the puppetmaster.

At this point, I am way confused as to why I cannot connect the client
to the master.  Any ideas or suggestions are greatly appreciated.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

PuppetNewbie <jtstaten@gmail.com> wrote:
>I could use some help.  I am a newbie with puppet, and am trying to
>learn it and use it here at the office.  I have created 2 CentOS 5.5
>machines ( puppet.1on1.com - puppetmaster and puppetclient.1on1.com -
>which will be the client that I control.)  When I attempt to connect
>my client to the master, I get the following output:
>
># puppet agent --server=puppet.1on1.com --no-daemonize --verbose --
>debug --trace
>debug: Failed to load library ''selinux'' for feature
''selinux''
>debug: Failed to load library ''shadow'' for feature
''libshadow''
>debug: Failed to load library ''ldap'' for feature
''ldap''
>debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
>debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
>dscl does not exist
>debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
>not exist
>debug: Puppet::Type::User::ProviderPw: file pw does not exist
>debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
>microsoft_windows is missing
>debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
>debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
>debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
>File[/etc/puppet/ssl]
>debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/private_keys]
>debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/public_keys]
>debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
>debug: /File[/var/lib/puppet/run/agent.pid]: Autorequiring File[/var/
>lib/puppet/run]
>debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
>lib/puppet]
>debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
>lib/puppet/state]
>debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
>puppet]
>debug: Finishing transaction 167894360
>debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
>debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
>debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
>File[/etc/puppet/ssl]
>debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/private_keys]
>debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/public_keys]
>debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
>puppet]
>debug: Finishing transaction 174279260
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:97:in `rescue in http_request''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:81:in `http_request''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:76:in `block (2 levels) in <class:REST>''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:118:in `find''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/certificate/rest.rb:11:in `find''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/indirection.rb:188:in `find''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
>host.rb:180:in `certificate''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
>host.rb:263:in `wait_for_cert''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application/agent.rb:416:in `setup_host''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application/agent.rb:480:in `setup''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:305:in `block (2 levels) in run''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:411:in `hook''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:305:in `block in run''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:402:in `exit_on_fail''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:305:in `run''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/util/
>command_line.rb:69:in `execute''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/bin/puppet:4:in
>`<top (required)>''
>/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `load''
>/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `<main>''
>err: Could not request certificate: SSL_connect returned=1 errno=0
>state=SSLv3 read server certificate B: certificate verify failed.
>This is often because the time is out of sync on the server or client
>
>
>In the /var/lib/puppet/log/maserhttp.log file I get the following
>corresponding message:
>[2011-08-26 12:41:42] ERROR OpenSSL::SSL::SSLError: SSL_accept
>returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert
>unknown ca
>        /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
>puppet/network/http/webrick.rb:44:in `accept''
>        /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
>puppet/network/http/webrick.rb:44:in `block (3 levels) in listen''
>        /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
>server.rb:183:in `call''
>        /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
>server.rb:183:in `block in start_thread''
>
>I have verified that the times/date match on the two systems and they
>are using the same ntp server.
>
>I have run openssl against the certificate and get the following:
>
># openssl x509 -text -noout -in /etc/puppet/ssl/certs/puppet.
>1on1.com.pem | grep -A2 Validity
>        Validity
>            Not Before: Aug 25 15:29:18 2011 GMT
>            Not After : Aug 23 15:29:18 2016 GMT
>
>
>I installed puppet using rvm and these steps:
>
>rvm use 1.9.2-p290 --default
>gem install facter --version ''1.6.0'' --no-ri --no-rdoc
>gem install puppet --version ''2.7.3'' --no-ri --no-rdoc
>rvm wrapper 1.9.2-p290@system --no-prefix puppet
>rvm wrapper 1.9.2-p290@system --no-prefix puppetca
>rvm wrapper 1.9.2-p290@system --no-prefix facter
>rvm wrapper 1.9.2-p290@system --no-prefix puppetd
>rvm wrapper 1.9.2-p290@system --no-prefix puppetdoc
>rvm wrapper 1.9.2-p290@system --no-prefix puppetmasterd  # (on puppet.
>1on1.com only)
>rvm wrapper 1.9.2-p290@system --no-prefix puppetrun
>
>mkdir -p /etc/puppet
>mkdir -p /var/lib/puppet/ssl
>mkdir -p /var/log/puppet
>mkdir -p /var/run/puppet
>
>I also added a startup script into /etc/init.d and used checkconfig
>and server to setup and run the puppetmaster.
>
>At this point, I am way confused as to why I cannot connect the client
>to the master.  Any ideas or suggestions are greatly appreciated.
>
>-- 
>You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
>To post to this group, send email to puppet-users@googlegroups.com.
>To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

PuppetNewbie <jtstaten@gmail.com> wrote:
>I could use some help.  I am a newbie with puppet, and am trying to
>learn it and use it here at the office.  I have created 2 CentOS 5.5
>machines ( puppet.1on1.com - puppetmaster and puppetclient.1on1.com -
>which will be the client that I control.)  When I attempt to connect
>my client to the master, I get the following output:
>
># puppet agent --server=puppet.1on1.com --no-daemonize --verbose --
>debug --trace
>debug: Failed to load library ''selinux'' for feature
''selinux''
>debug: Failed to load library ''shadow'' for feature
''libshadow''
>debug: Failed to load library ''ldap'' for feature
''ldap''
>debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
>debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
>dscl does not exist
>debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
>not exist
>debug: Puppet::Type::User::ProviderPw: file pw does not exist
>debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
>microsoft_windows is missing
>debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
>debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
>debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
>File[/etc/puppet/ssl]
>debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/private_keys]
>debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/public_keys]
>debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
>debug: /File[/var/lib/puppet/run/agent.pid]: Autorequiring File[/var/
>lib/puppet/run]
>debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
>lib/puppet]
>debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
>lib/puppet/state]
>debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
>puppet]
>debug: Finishing transaction 167894360
>debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
>puppet]
>debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet]
>debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
>debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl]: Autorequiring File[/etc/puppet]
>debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/certificate_requests]: Autorequiring
>File[/etc/puppet/ssl]
>debug: /File[/etc/puppet/ssl/private_keys]: Autorequiring File[/etc/
>puppet/ssl]
>debug: /File[/etc/puppet/ssl/private]: Autorequiring File[/etc/puppet/
>ssl]
>debug: /File[/etc/puppet/ssl/private_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/private_keys]
>debug: /File[/etc/puppet/ssl/public_keys/puppetclient.1on1.com.pem]:
>Autorequiring File[/etc/puppet/ssl/public_keys]
>debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
>puppet]
>debug: Finishing transaction 174279260
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:97:in `rescue in http_request''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:81:in `http_request''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:76:in `block (2 levels) in <class:REST>''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/rest.rb:118:in `find''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/certificate/rest.rb:11:in `find''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>indirector/indirection.rb:188:in `find''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
>host.rb:180:in `certificate''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/ssl/
>host.rb:263:in `wait_for_cert''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application/agent.rb:416:in `setup_host''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application/agent.rb:480:in `setup''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:305:in `block (2 levels) in run''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:411:in `hook''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:305:in `block in run''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:402:in `exit_on_fail''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/
>application.rb:305:in `run''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/puppet/util/
>command_line.rb:69:in `execute''
>/usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/bin/puppet:4:in
>`<top (required)>''
>/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `load''
>/usr/local/rvm/gems/ruby-1.9.2-p290/bin/puppet:19:in `<main>''
>err: Could not request certificate: SSL_connect returned=1 errno=0
>state=SSLv3 read server certificate B: certificate verify failed.
>This is often because the time is out of sync on the server or client
>
>
>In the /var/lib/puppet/log/maserhttp.log file I get the following
>corresponding message:
>[2011-08-26 12:41:42] ERROR OpenSSL::SSL::SSLError: SSL_accept
>returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert
>unknown ca
>        /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
>puppet/network/http/webrick.rb:44:in `accept''
>        /usr/local/rvm/gems/ruby-1.9.2-p290/gems/puppet-2.7.3/lib/
>puppet/network/http/webrick.rb:44:in `block (3 levels) in listen''
>        /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
>server.rb:183:in `call''
>        /usr/local/rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/webrick/
>server.rb:183:in `block in start_thread''
>
>I have verified that the times/date match on the two systems and they
>are using the same ntp server.
>
>I have run openssl against the certificate and get the following:
>
># openssl x509 -text -noout -in /etc/puppet/ssl/certs/puppet.
>1on1.com.pem | grep -A2 Validity
>        Validity
>            Not Before: Aug 25 15:29:18 2011 GMT
>            Not After : Aug 23 15:29:18 2016 GMT
>
>
>I installed puppet using rvm and these steps:
>
>rvm use 1.9.2-p290 --default
>gem install facter --version ''1.6.0'' --no-ri --no-rdoc
>gem install puppet --version ''2.7.3'' --no-ri --no-rdoc
>rvm wrapper 1.9.2-p290@system --no-prefix puppet
>rvm wrapper 1.9.2-p290@system --no-prefix puppetca
>rvm wrapper 1.9.2-p290@system --no-prefix facter
>rvm wrapper 1.9.2-p290@system --no-prefix puppetd
>rvm wrapper 1.9.2-p290@system --no-prefix puppetdoc
>rvm wrapper 1.9.2-p290@system --no-prefix puppetmasterd  # (on puppet.
>1on1.com only)
>rvm wrapper 1.9.2-p290@system --no-prefix puppetrun
>
>mkdir -p /etc/puppet
>mkdir -p /var/lib/puppet/ssl
>mkdir -p /var/log/puppet
>mkdir -p /var/run/puppet
>
>I also added a startup script into /etc/init.d and used checkconfig
>and server to setup and run the puppetmaster.
>
>At this point, I am way confused as to why I cannot connect the client
>to the master.  Any ideas or suggestions are greatly appreciated.
>
>-- 
>You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
>To post to this group, send email to puppet-users@googlegroups.com.
>To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.