Displaying 20 results from an estimated 63 matches for "ca_crt".
2009 Feb 09
1
puppet + mongrel + host_cert/key owner
...ms
to puppet still works...
what problems could it cause to my conf?
# grep lib mongrel.conf
SSLCertificateFile /var/lib/puppet/ssl/certs/gridinstall.pic.es.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/gridinstall.pic.es.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
TIA,
Arnau
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users"...
2011 Jan 24
2
Puppet master cannot connect to self
...ooted.
After reboot all nodes could connect successfully *except* the puppet
server itself: the old error message was back.
After some digging, I found in $ssldir the following files that were
created around the time that the old puppet server was created:
certs/ca.pem
ca/private/ca.pass
ca/ca_crt.pem
ca/ca_pub.pem
ca/ca_key.pem
certs/ca.pem and ca/ca_crt.pem (which are identical files) both contain:
Issuer: CN=puppet.domain.com
Validity
Not Before: Mar 25 15:51:31 2008 GMT
Not After : Mar 24 15:51:31 2013 GMT
Subject: CN=puppet.domain.com
I imagine I could solve this...
2011 Feb 08
12
multiple puppetmasters (w/ Passenger) behind load balancer
...ert
from the 1st master, and I copy it over to the 2nd puppetmaster:
puppet1>scp private_keys/puppetmaster2.pem root@puppet2:/var/lib/puppet/ssl/private_keys/puppetmaster2.pem
puppet1>scp ca/signed/puppetmaster2.pem root@puppet2:/var/lib/puppet/ssl/certs/puppetmaster2.pem
puppet1>scp ca/ca_crt.pem root@puppet2:/var/lib/puppet/ssl/certs/ca.pem
I get the following error:
"Starting puppetmaster: Could not prepare for execution: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key"
Does anyone have a bette...
2008 Jun 04
1
SSL delegation difficulties
...test1.localdomain.pem: OK
# puppetd --test
notice: Ignoring cache
err: Could not retrieve catalog: Certificates were not trusted: tlsv1
alert unknown ca
warning: Not using cache on failed catalog
/var/lib/puppet/ssl/certs/ca.pem on the client is exactly the same
content as /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetmaster. The
client cert was generated on the root puppet CA. The root puppet CA
is the one that signed the local puppet server's cert. Am I correct
in expecting that to work?
Thanks in advance,
.r'
2012 Feb 06
1
Puppet / Passenger SSL Problems with DRBD
...CipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /drbd01/puppet/var/lib/puppet/ssl/certs/puppetmaster.foo.bar.pem
SSLCertificateKeyFile /drbd01/puppet/var/lib/puppet/ssl/private_keys/puppetmaster.foo.bar.pem
SSLCertificateChainFile /drbd01/puppet/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /drbd01/puppet/var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled; if you have problems with Apache
# complaining about the CRL, disable the next line
# SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
S...
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
...v2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/<puppetmaster>.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/<puppetmaster>.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These req...
2013 May 30
4
Could not request certificate: Error 405 on SERVER
...All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.localdomain.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
DocumentRoot /usr/share/puppet/rack/puppetm...
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
...herSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled; if you have problems with Apache
# complaining about the CRL, disable the next line
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1...
2010 Aug 20
5
puppet dashboard gui looks odd from apache2
...SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/sys-ubuntu.arl.qwestip.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/sys-ubuntu.arl.qwestip.net.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_c...
2010 Jun 09
12
Foreman -- Reporting
Hello All,
I don't seem to be able to get reports to display on the foreman
interface. I copied extras/puppet/foreman/files/foreman-report.rb to
/usr/lib/ruby/site_ruby/1.8/puppet/reportsforeman.rb, instead of
/usr/lib/ruby/1.8/puppet/reports/foreman.rb. Config: Centos5.4,
Apache/Passenger, Puppet 0.25.4.
The reports are coming from the clients, because I can see them
in
2007 Dec 16
2
mongrel and reverse proxy security
...be the one speaking ssl and making client ssl certificate
signature verification.
I read the pound and the nginx wiki article and I am a bit confused
here. Let's see for nginx:
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem;
(and ssl_verify_client on; in the server setting)
So here I took the debian default ssl config and added the last line
'ssl_client_certificate' with the same cert used on the pound wiki. Does
it make the things secure?
Could anyone clarify the security r...
2009 Oct 19
7
Passenger Woes
...Protocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_...
2012 Jun 12
1
Dashboard with RackbaseURI / and RailsAutoDetect off
...SA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> SSLCertificateFile /var/lib/puppet/ssl/certs/vmm-atds-pup-05.cern.ch.pem
> SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/vmm-atds-pup-05.cern.ch.pem
> SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
> SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
> # If Apache complains about invalid signatures on the CRL, you can try disabling
> # CRL checking by commenting the next line, but this is not recommended.
> SSLCARevocationFile...
2008 Jun 08
1
SOLVED: Re: SSL delegation difficulties
...test
> notice: Ignoring cache
> err: Could not retrieve catalog: Certificates were not trusted: tlsv1
> alert unknown ca
> warning: Not using cache on failed catalog
>
>
> /var/lib/puppet/ssl/certs/ca.pem on the client is exactly the same
> content as /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetmaster. The
> client cert was generated on the root puppet CA. The root puppet CA
> is the one that signed the local puppet server's cert. Am I correct
> in expecting that to work?
>
> Thanks in advance,
>
> .r'
>
2014 Aug 29
0
Using puppet with Apache mod_disk_cache and passenger over SSL
...ity.
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/hostname.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/hostname.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass th...
2009 Sep 07
2
passenger-status error messages
...140
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /var/lib/puppet/ssl/certs/sys-ubuntu.arl.qwestip.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/sys-ubuntu.arl.qwestip.net.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLO...
2012 May 13
6
Puppetmaster with apache/passenger on SL6
Dear experts,
Since I've moved my *puppetmaster* from SL5 (Scientific Linux) to SL6 with
SELinux on, I'm facing loads of trouble. I also moved away from WEBrick to
apache/passenger, following the instruction here:
http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
and I can't start httpd any more. It fails with this:
Starting httpd: (98)Address
2013 Aug 07
1
puppet-3.2.2 runs fine - but doesn't work. 2.7.22 works fine.
...7451]: Finishing transaction 69878528449220
Aug 7 14:33:38 puppetmaster-02 puppet-master[27451]: Finishing transaction 69878528449220
Aug 7 14:33:38 puppetmaster-02 puppet-master[27451]: Using settings: adding file resource 'cacert': 'File[/var/lib/puppet/.puppet/ssl/ca/ca_crt.pem]{:links=>:follow, :ensure=>:file, :backup=>false, :mode=>"660", :loglevel=>:debug, :path=>"/var/lib/puppet/.puppet/ssl/ca/ca_crt.pem"}'
Aug 7 14:33:38 puppetmaster-02 puppet-master[27451]: Using settings: adding file resource 'cacert'...
2012 Dec 17
1
multiple puppet masters
...3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master2.test.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master4.test.net.pem
#SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
#SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
#SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSL...
2013 Jul 03
1
Certificate errors
...I tried a lot of things following the different threads but I only managed
to mess a little bit more with my server :-(
At least, I know my truststore should be wrong as "*keytool -list -keystore
/etc/puppetdb/ssl/truststore*" and "*openssl x509 -noout -in
/var/lib/puppet/ssl/ca/ca_crt.pem -fingerprint*" do not match. The only
thing is that I do not have the first idea on how to solve this...
Any idea?
Puppetmaster, dashboard & puppetdb are on the same server (Distro = RHEL5.9)
I get the same error even on the puppetmaster server.
Regards