Ronald Frye
2013-Dec-02 20:48 UTC
[Puppet Users] Tracking Bug #21869, Subject is: Error: Could not request certificate:stack level too deep", does not explain the workaround clearly.
I''m setting up Puppet with externally supported x.509 certificates from a single CA and I''m encountering this error. The workaround states to copy the CA''s public key from the master to node, however this situation is the node agent on the actual puppet master server. The CA or issuer of the both the master and agent certificates is present and available and I have copied into the ca.pem file as stated. In this configuration the Master Puppet server is not functioning as a traditional self-signed CA. I have followed the directions for configuring this setup in the puppet.conf and other configuration files for apache/passenger/rack. I have tested both the puppet master and agent node x.509 certificates to access the apache/passenger configured site using FF and curl with no errors over port 1840. The bug report does not give enough details about the work around to be sure how this resolve this problem. The fix has been extended into a later product version as well. Other Platform details: Linux 2.6.18-371.1.2.el5 Apache 2.4.4 Passenger 4.0.19 Openssl 0.9.8e Puppet 3.3.1 rc1 So looking for suggestions on how to overcome this configuration and product support problem. raf. -- This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please contact the sender. Although this email and any attachments are believed to be free of any virus or other defects which might affect any computer or IT system into which they are received, no responsibility is accepted for any loss or damage arising in any way from the receipt or use thereof. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5a57052f-2f6c-4bd5-a9a7-12daba9c0588%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Ronald Frye
2013-Dec-03 18:46 UTC
[Puppet Users] Re: Tracking Bug #21869, Subject is: Error: Could not request certificate:stack level too deep", does not explain the workaround clearly.
On Monday, December 2, 2013 3:48:30 PM UTC-5, Ronald Frye wrote:> > I''m setting up Puppet with externally supported x.509 certificates from a > single CA and I''m encountering this error. The workaround states to copy > the CA''s public key from the master to node, however this situation is the > node agent on the actual puppet master server. The CA or issuer of the > both the master and agent certificates is present and available and I have > copied into the ca.pem file as stated. In this configuration the Master > Puppet server is not functioning as a traditional self-signed CA. I have > followed the directions for configuring this setup in the puppet.conf and > other configuration files for apache/passenger/rack. > > I have tested both the puppet master and agent node x.509 certificates to > access the apache/passenger configured site using FF and curl with no > errors over port 8140 (updated port typo). The bug report does not give > enough details about the work around to be sure how this resolve this > problem. The fix has been extended into a later product version as well. > > Other Platform details: > > Linux 2.6.18-371.1.2.el5 > Apache 2.4.4 > Passenger 4.0.19 > Openssl 0.9.8e > Puppet 3.3.1 rc1 > > So looking for suggestions on how to overcome this configuration and > product support problem. > > raf. > > This email is confidential and intended solely for the use of the > individual to whom it is addressed. If you are not the intended recipient, > be advised that you have received this email in error and that any use, > dissemination, forwarding, printing, or copying of this email is strictly > prohibited. If you have received this email in error please contact the > sender. Although this email and any attachments are believed to be free of > any virus or other defects which might affect any computer or IT system > into which they are received, no responsibility is accepted for any loss or > damage arising in any way from the receipt or use thereof.-- This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please contact the sender. Although this email and any attachments are believed to be free of any virus or other defects which might affect any computer or IT system into which they are received, no responsibility is accepted for any loss or damage arising in any way from the receipt or use thereof. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4fe95b2f-71e1-4976-90ac-1600e983ee88%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.