Puppet users - Nov 2013 - puppet-users-br err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=unknown sta

Just installed the puppet master server in
and the client just installed the puppet

I managed to sign the certificates

root@Puppetmaster:/etc/puppet# puppet cert --list --all
+ "puppetclient" (96:9A:C3:8D:B6:72:A4:5F:01:AA:40:A9:95:3E:FB:D2)
+ "puppetmaster" (12:92:DF:EB:72:E5:DF:99:D8:22:CA:5F:22:3A:1D:61)

at the time I create the file site.pp in / etc / puppet / manifests / 
puppetmaster in
and will apply the client through the command puppet agent - test
the following message appears

root@Puppetclient:~#  puppet agent --test
err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server certificate B: certificate verify failed: 
[self signed certificate in certificate chain for /CN=Puppet CA: 
puppetmaster]
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read 
server certificate B: certificate verify failed: [self signed certificate 
in certificate chain for /CN=Puppet CA: puppetmaster]


My hosts are well on the client

#.55 eh o cliente
#.145 eh o master

192.168.0.55     puppet 
192.168.0.145    puppetmaster


127.0.0.1       localhost
127.0.1.1       Puppetclient

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


And in the master hosts is well

192.168.0.55     puppet               
192.168.0.145    puppetmaster


127.0.0.1       localhost
127.0.1.1       Puppetmaster

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


AS site.pp settings are well on master

node puppetclient {
        include ntp
}

class ntpd {
        package { ''ntp'':
                ensure => present,
        }

        service { ''ntp'':
                ensure     => running,
        }
}
 
the File: / etc / puppet / puppet.conf the client is well


[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
server=puppetmaster



[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY



And so in this MASTER

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY




I do not know what to do anymore :/ already searched on google this error 
and nothing, if anyone can help me please, it''s been awhile that
I''m
fighting with the puppet, the tutorial did not understand English very 
well, I am following the link we mentioned above, since thanks guys, sorry 
there anything.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/f85b0ca6-79f3-4020-97d2-1574d7eae098%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Hi,

on this agent machine, is there a /var/lib/puppet/ssl/certs/ca.pem?

If so, what is the output of

openssl x509 -issuer -subject -noout -in /var/lib/puppet/ssl/certs/ca.pem

Thanks,
Felix

On 11/28/2013 12:09 PM, Caio Pedroso wrote:
> root@Puppetclient:~#  puppet agent --test
> err: Could not retrieve catalog from remote server: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed: [self signed certificate in certificate chain for
> /CN=Puppet CA: puppetmaster]
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3
> read server certificate B: certificate verify failed: [self signed
> certificate in certificate chain for /CN=Puppet CA: puppetmaster]
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/529F294E.3070109%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.