Trying to set up a simple master/agent configuration on two VMware VMs. I startup the master and then try to start the agent, in waitforcert mode to submit its cert request. After receving the request on the master and signing it, I get this on the agent: [jhg@vm2 puppet-2.7.12]$ sudo puppet agent --server vm1 --waitforcert 60 --test warning: peer certificate won''t be verified in this SSL session info: Caching certificate for ca warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Creating a new SSL certificate request for vm2.jhmg.net info: Certificate Request fingerprint (md5): E2:79:4A:81:21:56:7E:2A:9B:B2:3C:74:27:15:24:4C warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Caching certificate for vm2.jhmg.net err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client I have already verified that the two VM clocks are synchronized to within a few ms of each other. What ELSE could cause this? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/qDhj4dblhfAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I think your master needs to sign the cert, on the master issue puppet-ca --sign vm2.jhmg.net You''ll need to verify that syntax, it''s from memory :-) On Fri, Mar 30, 2012 at 6:06 PM, Jim Garrison <jhg6308@gmail.com> wrote:> Trying to set up a simple master/agent configuration on two VMware VMs. I > startup the master and then try to start the agent, in waitforcert mode to > submit its cert request. After receving the request on the master and > signing it, I get this on the agent: > > [jhg@vm2 puppet-2.7.12]$ sudo puppet agent --server vm1 --waitforcert 60 > --test > warning: peer certificate won''t be verified in this SSL session > info: Caching certificate for ca > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Creating a new SSL certificate request for vm2.jhmg.net > info: Certificate Request fingerprint (md5): > E2:79:4A:81:21:56:7E:2A:9B:B2:3C:74:27:15:24:4C > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Caching certificate for vm2.jhmg.net > err: Could not retrieve catalog from remote server: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed. > This is often because the time is out of sync on the server or client > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed. This is often > because the time is out of sync on the server or client > > I have already verified that the two VM clocks are synchronized to within > a few ms of each other. > > What ELSE could cause this? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/qDhj4dblhfAJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Sat, Mar 31, 2012 at 00:06, Jim Garrison <jhg6308@gmail.com> wrote:> Trying to set up a simple master/agent configuration on two VMware VMs. I > startup the master and then try to start the agent, in waitforcert mode to > submit its cert request. After receving the request on the master and > signing it, I get this on the agent: > > [jhg@vm2 puppet-2.7.12]$ sudo puppet agent --server vm1 --waitforcert 60 > --test > warning: peer certificate won''t be verified in this SSL session > info: Caching certificate for ca > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Creating a new SSL certificate request for vm2.jhmg.net > info: Certificate Request fingerprint (md5): > E2:79:4A:81:21:56:7E:2A:9B:B2:3C:74:27:15:24:4C > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > warning: peer certificate won''t be verified in this SSL session > info: Caching certificate for vm2.jhmg.net > err: Could not retrieve catalog from remote server: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed. > This is often because the time is out of sync on the server or client > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed. This is often > because the time is out of sync on the server or client > > I have already verified that the two VM clocks are synchronized to within > a few ms of each other. > > What ELSE could cause this? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/qDhj4dblhfAJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. >Potentially talking out my back side... Have you checked that the time zones are the same and DST is not a factor? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.