Tom Albrecht
2014-Mar-26 21:55 UTC
[Puppet Users] Using Puppet with a self-signed ssl certificate
The corporate environment I'm in is doing ssl decryption on their traffic, and therefore requires a corporate self-signed ssl certificate to be installed on any clients throughout the enterprise. I have a puppet server (CentOS 6.5) with the cert installed, and the agent on the server will no longer connect to itself. I get the following error:

[root@foo certs]# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for ...]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for ...]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for ...] Could not retrieve file metadata for puppet://taisrsvr01/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for ...]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for ...]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for ...]

The "..." is information on the self-signed cert.

I've already been banging my head just trying to get the whole ssl cert stuff working, and it's very possible I screwed something up. Any ideas?