Ajeet Raina
2012-Aug-28 09:08 UTC
[Puppet Users] Unable to generate certificate on Puppet Agent through Master
Hi,

I have a puppet master and agent installed. I want to generate and configure master-agent certificate and followed the steps:

Master:
=========
1. Cleaned up all certificates on Master:

    [root@puppet-server manifests]# puppet cert sign --all
    No waiting certificate requests to sign
    [root@puppet-server manifests]# puppet cert clean --all
    notice: Revoked certificate with serial 16
    notice: Removing file Puppet::SSL::Certificate puppet-client.test.com at '/var/lib/puppet/ssl/ca/signed/puppet-client.test.com.pem'
    notice: Removing file Puppet::SSL::Certificate puppet-client.test.com at '/var/lib/puppet/ssl/certs/puppet-client.test.com.pem'
    [root@puppet-server manifests]# puppet cert clean --all
    [root@puppet-server manifests]#

2. Removed all ssl/* from Agent

    [root@puppet-client yum.repos.d]# rm -fr /var/lib/puppet/ssl/*
    [root@puppet-client yum.repos.d]# cd /var/lib/puppet/ssl/
    [root@puppet-client ssl]# ls
    [root@puppet-client ssl]#

3. Generating Certificate from Agent:

    [root@puppet-client ssl]# puppet agent --test --verbose --server puppet-server.test.com
    info: Creating a new SSL key for puppet-client.test.com
    info: Caching certificate for ca
    info: Creating a new SSL certificate request for puppet-client.test.com
    info: Certificate Request fingerprint (md5): AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1
    Exiting; no certificate found and waitforcert is disabled
    [root@puppet-client ssl]#

4. Accepting it through Master:

    [root@puppet-server manifests]# puppetca -l
    "puppet-client.test.com" (AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1)
    [root@puppet-server manifests]#
    [root@puppet-server manifests]# puppet cert sign --all
    notice: Signed certificate request for puppet-client.test.com
    notice: Removing file Puppet::SSL::CertificateRequest puppet-client.test.com at '/var/lib/puppet/ssl/ca/requests/puppet-client.test.com.pem'
    [root@puppet-server manifests]#

Well going.

5.

    [root@puppet-client ssl]# puppet agent --test --verbose --server puppet-server.test.com
    info: Caching certificate for puppet-client.test.com
    info: Caching certificate_revocation_list for ca
    err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppet-server.test.com]
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run
    err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppet-server.test.com]
    [root@puppet-client ssl]#

I tried to remove all the certificates from agent manually /var/lib/puppet/ssl/* but things didn't fix the issue.
I also tried to generate the certificate on server through:

    puppet agent --test --server=`hostname`

and then performed all the steps above. No luck with this too.

How to fix this issue?
Ashish Jaiswal
2012-Aug-28 11:12 UTC
Re: [Puppet Users] Unable to generate certificate on Puppet Agent through Master
Hi..

Can you check date and time on both master and agent.. it should be in sync with master..

Regards,
Ashish Jaiswal
Vishal Asai
2012-Dec-18 12:05 UTC
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
Hi Ajeet,

Did you find any work around this issue?

I am having exactly the same issue and I tried all possible ways to fix it but didn't get any success.

Please let me know. Thanks in advance.

Cheers.
RedJinnee
2013-Jan-14 18:02 UTC
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
The client requests the certificate revocation list from the master, and you can disable that by disabling this feature by adding this to your agent configs. In puppet.conf add this line:

    certificate_revocation = false

and run puppet agent -t again.
RedJinnee
2013-Jan-14 18:06 UTC
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
By default the client requests the revocation list from the master; you can disable that by setting its property to false.
In puppet.conf add

    certificate_revocation = false

then, puppet agent -t

Hope this helps.
scervera
2013-Mar-29 18:15 UTC
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
THANK YOU!

I spent hours on this and went down a bunch of rat holes all having to do with time sync and certificates, etc. NOTHING worked until I found your small post here. There are tons of entries all over the web with this issue and no good solutions.

I appreciate your advice.

Steve
Dan Hyatt
2013-May-31 21:06 UTC
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
I am running into the same problem and it just dawned on me that Solaris might put it in another directory. The master is Red Hat, the clients are Solaris.

What would change for a Solaris certificate?
Dan Hyatt
2013-Jun-03 19:56 UTC
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
I got mine solved...on puppet labs enterprise edition..

On each Client which is not connecting right …giving that error on puppet agent -t

    cd /etc/puppetlabs/puppet/ssl
    rm -rf ca certs public_keys certificate_requests private_keys   # make sure all files removed from SSL dir
    puppet agent -t   # this will run a few minutes the first time.

THEN On server:

    puppet cert clean p11.mync.com
    puppet cert list
    cd /etc/init.d/
    ./pe-httpd restart
    puppet cert list
    puppet cert sign -a   # if you recognize all the servers in your cert list.
Brendan Murtagh
2013-Nov-01 13:48 UTC
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
To add on to Dan's steps which I used as a base. For PE 2.8.3, I had to do:

    (AGENT) sudo rm -rf /etc/puppetlabs/puppet/ssl/*
    (MASTER) puppet cert clean myserver.domain.com
    (AGENT) sudo puppet agent -t
    (MASTER) puppet cert list   # confirmed new request was pending
    (MASTER) sudo /etc/init.d/pe-httpd restart
    (MASTER) puppet cert list   # confirm request is STILL pending
    (MASTER) puppet cert sign -a   # sign all pending requests