Puppet users - Aug 2012 - Could not retrieve catalog from remote server

I''m trying to get puppet to connect to my puppetmaster, but I keep
getting
the same error.

err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed

I''ve made sure ntpd is running during the kickstart and that the times
are
the same on both machines.  I''ve also ran puppet cert --clean --all on
the
puppetmaster.  I have the puppetmaster set to autosign all certs.

Any ideas what I''m missing?  Everything I''ve found says to
make sure the
clocks are the same, which I''ve already done.  I did see one post
talking
about an issue with Ruby 1.9.2, but I''m running 1.8.7.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,,

Have you tried deleting the existing directory of master and agent..
rm -frv /var/lib/puppet/ssl

Try this and see if this work!!

Regards,
Ashish Jaiswal
On Aug 28, 2012 8:58 PM, "Bai Shen" <baishen.lists@gmail.com>
wrote:
> I''m trying to get puppet to connect to my puppetmaster, but I keep
getting
> the same error.
>
> err: Could not retrieve catalog from remote server: SSL_connect returned=1
> errno=0 state=SSLv3 read server certificate B: certificate verify failed
>
> I''ve made sure ntpd is running during the kickstart and that the
times are
> the same on both machines.  I''ve also ran puppet cert --clean
--all on the
> puppetmaster.  I have the puppetmaster set to autosign all certs.
>
> Any ideas what I''m missing?  Everything I''ve found says
to make sure the
> clocks are the same, which I''ve already done.  I did see one post
talking
> about an issue with Ruby 1.9.2, but I''m running 1.8.7.
>
> Thanks.
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

That didn''t seem to help.  I got some weird errors about the certs not
being able to be signed.  I was finally able to get one test run, but after
that it went back to giving me the same error.

Any other suggestions?

On Tue, Aug 28, 2012 at 12:18 PM, Ashish Jaiswal
<ashish1099@gmail.com>wrote:
> Hi,,
>
> Have you tried deleting the existing directory of master and agent..
> rm -frv /var/lib/puppet/ssl
>
> Try this and see if this work!!
>
> Regards,
> Ashish Jaiswal
> On Aug 28, 2012 8:58 PM, "Bai Shen"
<baishen.lists@gmail.com> wrote:
>
>> I''m trying to get puppet to connect to my puppetmaster, but I
keep
>> getting the same error.
>>
>> err: Could not retrieve catalog from remote server: SSL_connect
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>> verify failed
>>
>> I''ve made sure ntpd is running during the kickstart and that
the times
>> are the same on both machines.  I''ve also ran puppet cert
--clean --all on
>> the puppetmaster.  I have the puppetmaster set to autosign all certs.
>>
>> Any ideas what I''m missing?  Everything I''ve found
says to make sure the
>> clocks are the same, which I''ve already done.  I did see one
post talking
>> about an issue with Ruby 1.9.2, but I''m running 1.8.7.
>>
>> Thanks.
>>
>>  --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

You sure, cos it seem to be really ugly certificate issue

openssl x509 -text -noout -in 
/var/lib/puppet/ssl/certs/hostname.tld.pem | grep -A2 Validity

Can you check the time period of your certificate.. and compare it with 
master one.
if it is same, then something serious is happening

Regards,
System Admin
Ashish Jaiswal

On Tuesday 28 August 2012 10:55:14 PM IST, Bai Shen
wrote:
> That didn''t seem to help.  I got some weird errors about the certs
not
> being able to be signed.  I was finally able to get one test run, but
> after that it went back to giving me the same error.
>
> Any other suggestions?
>
> On Tue, Aug 28, 2012 at 12:18 PM, Ashish Jaiswal <ashish1099@gmail.com
> <mailto:ashish1099@gmail.com>> wrote:
>
>     Hi,,
>
>     Have you tried deleting the existing directory of master and agent..
>     rm -frv /var/lib/puppet/ssl
>
>     Try this and see if this work!!
>
>     Regards,
>     Ashish Jaiswal
>
>     On Aug 28, 2012 8:58 PM, "Bai Shen"
<baishen.lists@gmail.com
>     <mailto:baishen.lists@gmail.com>> wrote:
>
>         I''m trying to get puppet to connect to my puppetmaster,
but I
>         keep getting the same error.
>
>         err: Could not retrieve catalog from remote server:
>         SSL_connect returned=1 errno=0 state=SSLv3 read server
>         certificate B: certificate verify failed
>
>         I''ve made sure ntpd is running during the kickstart and
that
>         the times are the same on both machines.  I''ve also ran
puppet
>         cert --clean --all on the puppetmaster.  I have the
>         puppetmaster set to autosign all certs.
>
>         Any ideas what I''m missing?  Everything I''ve
found says to
>         make sure the clocks are the same, which I''ve already
done.  I
>         did see one post talking about an issue with Ruby 1.9.2, but
>         I''m running 1.8.7.
>
>         Thanks.
>
>         --
>         You received this message because you are subscribed to the
>         Google Groups "Puppet Users" group.
>         To post to this group, send email to
>         puppet-users@googlegroups.com
>         <mailto:puppet-users@googlegroups.com>.
>         To unsubscribe from this group, send email to
>         puppet-users+unsubscribe@googlegroups.com
>         <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>         For more options, visit this group at
>         http://groups.google.com/group/puppet-users?hl=en.
>
>     --
>     You received this message because you are subscribed to the Google
>     Groups "Puppet Users" group.
>     To post to this group, send email to puppet-users@googlegroups.com
>     <mailto:puppet-users@googlegroups.com>.
>     To unsubscribe from this group, send email to
>     puppet-users+unsubscribe@googlegroups.com
>     <mailto:puppet-users%2Bunsubscribe@googlegroups.com>.
>     For more options, visit this group at
>     http://groups.google.com/group/puppet-users?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.