Puppet users - Jun 2013 - Trouble getting puppet config from client to master (Certificate verify failed).

Hello,

I''m having trouble between the client and the master. Please help! 

*root@r3:~# puppet agent --test*
Info: Caching certificate for r3.pb
Info: Caching certificate_revocation_list for ca
Warning: Unable to fetch my node definition, but the agent run will 
continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate 
B: certificate verify failed: [certificate revoked for 
/CN=masterdns.peoplebrowsr.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read 
server certificate B: certificate verify failed: [certificate revoked for 
/CN=masterdns.peoplebrowsr.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect 
returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] 
Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect 
returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com]
Error: Could not retrieve catalog from remote server: SSL_connect 
returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B: certificate verify failed: [certificate revoked 
for /CN=masterdns.peoplebrowsr.com]

I''ve tried to remove all of the SSL files on the client:
root@r3:~# rm -rf /var/lib/puppet/ssl/*

And then clean from the master:
root@masterdns:~# puppet cert clean r3.pb

Then restart the client''s puppet agent and sign the client again. But
it
still doesn''t work!

Please help.

Thanks,
Khoi

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

On 06/06/2013 10:25 AM, khoibui@peoplebrowsr.com wrote:
> Then restart the client''s puppet agent and sign the client again.
But it
> still doesn''t work!
Try to sync clock of both master and client to same NTP server.


-- 
Jakov Sosic
www.srce.unizg.hr

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server 
> certificate B: certificate verify failed: [certificate revoked for /CN>
masterdns.peoplebrowsr.com]
>
It looks like your puppetmaster''s cert has been revoked (not the
client''s).
I think it may be necessary to blow away your master''s ssl stuff and 
regenerate (which also means regenerating certs for every client). You can 
do this by stopping puppetmaster, removing /var/lib/puppet/ssl (on the 
master), and restarting the master (I tried this with a 3.2.1 master). 
Someone wiser might have a smarter solution to this...

Eric

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.