khoibui@peoplebrowsr.com
2013-Jun-06 08:25 UTC
[Puppet Users] Trouble getting puppet config from client to master (Certificate verify failed).
Hello, I''m having trouble between the client and the master. Please help! *root@r3:~# puppet agent --test* Info: Caching certificate for r3.pb Info: Caching certificate_revocation_list for ca Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] I''ve tried to remove all of the SSL files on the client: root@r3:~# rm -rf /var/lib/puppet/ssl/* And then clean from the master: root@masterdns:~# puppet cert clean r3.pb Then restart the client''s puppet agent and sign the client again. But it still doesn''t work! Please help. Thanks, Khoi -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Jakov Sosic
2013-Jun-07 21:37 UTC
Re: [Puppet Users] Trouble getting puppet config from client to master (Certificate verify failed).
On 06/06/2013 10:25 AM, khoibui@peoplebrowsr.com wrote:> Then restart the client''s puppet agent and sign the client again. But it > still doesn''t work!Try to sync clock of both master and client to same NTP server. -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
badgerea@hotmail.com
2013-Jun-08 17:20 UTC
[Puppet Users] Re: Trouble getting puppet config from client to master (Certificate verify failed).
> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server > certificate B: certificate verify failed: [certificate revoked for /CN> masterdns.peoplebrowsr.com] >It looks like your puppetmaster''s cert has been revoked (not the client''s). I think it may be necessary to blow away your master''s ssl stuff and regenerate (which also means regenerating certs for every client). You can do this by stopping puppetmaster, removing /var/lib/puppet/ssl (on the master), and restarting the master (I tried this with a 3.2.1 master). Someone wiser might have a smarter solution to this... Eric -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Apparently Analagous Threads
- err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
- Unable to Connect to Master
- Puppet Certificate verify failed
- SSL issues - certificate verify failed
- Puppet ssl errors " SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"