I fixed this by configuring webrick to set :SSLCACertificateFile and
:SSLCACertificatePath to the ssl bundle I got from godaddy.
s=WEBrick::HTTPServer.new(
:Port => 8443,
:Logger => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
:DocumentRoot => "/tmp/webrick_test/doc_root",
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_PEER,
:SSLCertificate => cert,
:SSLPrivateKey => pkey,
:SSLCACertificateFile => "sf_bundle.crt",
:SSLCACertificatePath => "/tmp/webrick_test",
:SSLCertName => [ [ "CN", "myhost.net" ] ]
)
s.start
On Wednesday, 9 May 2012 06:49:49 UTC-4, Sans wrote:>
> Dear all,
>
> I see this error message in my *masterhttp.log* repeatedly:
>
> ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3
>> read client certificate A: tlsv1 alert unknown ca
>>
>
>
> I saw a similar mail in the list but there was no definitive answer to
> that post. Does anyone know what am I missing here? I do understand what
> *unknown ca* means but I can''t think of any reason. Anyone can
give me
> some hints please?
>
> Cheers,
> San
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/WVWnBCbmSeQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.