John Kennedy
2011-Sep-14 09:42 UTC
[Puppet Users] puppet kick getting hostname not match with the server certificate
OS - RHEL5.7
Installation Source - epel-testing repo
Puppet server version - 2.6.6
puppetd version - 2.6.6
I searched Google and none of the answers were a match for my set up...
I can do ''puppetd --test'' from the client and things work as
expected.
When doing puppet kick hostname I get the following:
Triggering hostname
Host hostname failed: hostname not match with the server certificate
hostname finished with exit code 2
Failed: hostname
I have done openssl x509 -text -in /var/lib/puppet/ssl/certs/ca.pem and both
CA certs are identical.
When I do openssl x509 -text -in /var/lib/puppet/ssl/certs/<fqdn>.pem |
more I find that they are almost identical. The client show the X509v3
extensions section differently:
On the Client:
X509v3 extensions:
Netscape Comment:
Puppet Ruby/OpenSSL Generated Certificate
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EF:37:CB:9A:6C:42:11:6F:FF:DB:9B:77:DC:78:07:CA:8B:A1:7A:E1
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, E-mail Protection
On the master:
X509v3 extensions:
Netscape Comment:
Puppet Ruby/OpenSSL Generated Certificate
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
CB:07:D6:B9:37:E0:1E:C4:E1:3B:EC:53:69:4C:87:90:67:B0:49:D5
X509v3 Key Usage:
Certificate Sign, CRL Sign
The .pem files on both are called fqdn.pem. Running the hostname command
shows the fqdn of the client.
I am stuck as to why this is happening. Any help would be appreciated.
Thanks,
John
John Kennedy
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
James Turnbull
2011-Dec-16 01:23 UTC
Re: [Puppet Users] puppet kick getting hostname not match with the server certificate
John Kennedy wrote:> OS - RHEL5.7 > Installation Source - epel-testing repo > Puppet server version - 2.6.6 > puppetd version - 2.6.6 > > I searched Google and none of the answers were a match for my set up... > > I can do ''puppetd --test'' from the client and things work as expected. > When doing puppet kick hostname I get the following: > > Triggering hostname > Host hostname failed: hostname not match with the server certificate > hostname finished with exit code 2 > Failed: hostname >John Did you ever work out the issue here? Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 To schedule a meeting with me: http://tungle.me/jamtur01 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.