José Luis Ledesma
2014-May-05 16:35 UTC
Re: [Puppet Users] puppet client server - couldnt able to verify certificate
I think there is some misunderstood here. First launch the agent, it will generate a certificate for it. Then you should sign it in the master. It seems that you did generate one in the master and sign it, and expected to be received by the client, but the certificate should be generated in the client and be signed by then master. Regards, El 05/05/2014 14:59, "Ramkumar Nagaraj" <ram2valar@gmail.com> escribió:> We tried to setup puppet client-server architecture setup by installing > puppet-server (through Yum repository) in puppet master and puppet (through > Yum repository) in another server (client) machine. During this client is > trying to receive the signed certificate from puppet-master server it > failed with following error: > > Puppet master: [root@puppet-master ~]# puppetca --list > > "puppet-client1" (BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD) > > [root@puppet-master ~]# puppetca --sign puppet-client1 > > notice: Signed certificate request for puppet-client1 > > notice: Removing file Puppet::SSL::CertificateRequest puppet-client1 at > '/var/lib/puppet/ssl/ca/requests/puppet-client1.pem' > > Puppet Client: [root@puppet-client1 ~]# puppet agent --verbose --logdest > console --no-daemonize --server=puppet-master > > info: Creating a new SSL key for puppet-client1 > > info: Caching certificate for ca > > info: Creating a new SSL certificate request for puppet-client1 > > info: Certificate Request fingerprint (md5): > BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD > > notice: Did not receive certificate > > info: Caching certificate for puppet-client1 > > notice: Starting Puppet client version 2.7.23 > > err: Could not retrieve catalog from remote server: SSL*connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed: [certificate signature failure for /CN=puppet-master] * > > *notice: Using cached catalog * > > *err: Could not retrieve catalog; skipping run err: Could not send report: > SSL*connect returned=1 errno=0 state=SSLv3 read server certificate B: > certificate verify failed: [certificate signature failure for > /CN=puppet-master] > > Rgrds, Ram. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3df%2BP6wZFZVt8wyDz8t0oYAevJzx_OccAEqsGfjQ87Se0w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.