search for: truststore

...connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=rebitpuppet01.cegedim]* I tried a lot of things following the different threads but I only managed to mess a little bit more with my server :-( At least, I know my truststore should be wrong as "*keytool -list -keystore /etc/puppetdb/ssl/truststore*" and "*openssl x509 -noout -in /var/lib/puppet/ssl/ca/ca_crt.pem -fingerprint*" do not match. The only thing is that I do not have the first idea on how to solve this... Any idea ? Puppetmaster, dash...

...d pick the certificate from my client (I've also tried it out with gnutls-cli as well), I get the following errors in Dovecot's log: imap-login: Info: Invalid certificate: Different CRL scope: /CN=Example Root CA/O=Example Inc./C=RS As per the wiki2 configuration page, I've set up the truststore in the following order (everything PEM-encoded): Example Person CA Certificate Example Person CA CRL Example Root CA Certificate Example Root CA CRL Person CA is the one issuing the end-entity certificates, of course. I'm also attaching the certificate I've used for testing. On additiona...

...rd in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for trust-password in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for keystore in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for truststore in /etc/puppetdb/conf.d/jetty.ini. Verifying : puppetdb-1.3.0-1.el6.noarch 1/1 Installed: puppetdb.noarch 0:1.3.0-1.el6...

...> --- > > #!/bin/bash > > RETVAL=$? export JAVA_HOME=/opt/java export JDK_HOME=/opt/jdk > export FEDORA_HOME=/var/fedora export > CATALINA_HOME=$FEDORA_HOME/tomcat export JAVA_OPTS=''-Xmx512M > -Xms128M -XX:MaxPermSize=256M -Dfile.encoding=UTF-8 > -Djavax.net.ssl.trustStore=/var/fedora/server/truststo re > -Djavax.net.ssl.trustStorePassword=tomcat'' export > PATH=$JAVA_HOME/bin:$MAVEN_HOME/bin:$FEDORA_HOME/server/bin:$FEDORA_HOME/client/bin:$PATH > > > > case "$1" in > start) if [ -f $CATALINA_HOME/bin/startup.sh ]; then echo &qu...

Greetings, we are trying to setup puppetdb, nut our clients get the following error: Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 400 on SERVER: Could not retrieve facts for lxa7t.unix.lan: Failed to submit ''replace facts'' command for lxa7t.unix.lan to PuppetDB at puppetdb:8081: Connection refused - connect(2) Info: Retrieving

PuppetDB is operating fine, but I can''t figure out how to disable it from listening globally on TCP 1099 or 58722 How do I disable them from listening globally without having to resort to iptables? $ lsof -i -n -P | grep java | grep LISTEN java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN) java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772

...is an alias for gaia.local. *Extra info:* For completeness, the error on the puppetdb is: WARN [qtp788652058-42] [io.nio] javax.net.ssl.SSLHandshakeException: null cert chain keystore.jks on the puppetdb has puppetdb.local with print 8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47 truststore.jks on puppetdb has ''puppetdb ca'' with print 62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E $ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master --configprint hostcert` /etc/puppet/ssl/certs/puppetdb.kahuna.local.pem: OK (yes, I have the SSL certs...

trying to deploy puppetdb , puppet server is RHEL 6.1 , [root@puppet ~]# rpm -qa|grep puppet puppetdb-0.9.1-2.el6.noarch puppet-dashboard-1.2.9-1.el6.noarch puppet-server-2.7.17-1.el6.noarch puppetdb-terminus-0.9.1-2.el6.noarch puppet-2.7.17-1.el6.noarch on the clients, got an error for puppetdb , client1 :~ # puppet agent --test err: Could not retrieve catalog from remote server: Error 400

...ese types of errors get logged properly. * `puppetdb-ssl-setup` should be able to be re-executed The script can now be executed multiple times. It will ensure that all generated files are readable by the PuppetDB daemon, and it reconfigures PuppetDB to use the newly-generated keystore and truststore passwords. * `puppetdb-ssl-setup` shouldn''t fail when FQDN can''t be determined We now revert to using `facter hostname`, to allow installation to continue unimpeded. * Change SSL setup to use master SSL keys intead of agent This fixes installation bugs on systems that us...

Hi all, Hi all, We use puppet for, amongst other things, managing the private-key files needed for things like SSL certificates for HTTPS web servers. We have a few constraints on how these are handled, and changes in recent versions of puppet are making this harder than it perhaps ought to be to implement, so I''m curious to know how others are handling it. A site''s private

Hello Everybody, I am trying to install the puppetdb on the same machine as am running my puppetmaster. I am getting the following error when am trying to connect the agent: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit ''replace facts'' command for ftldwshost180.wsdev.citrix.com to PuppetDB at

Hi all, I''ve been looking at a potential problem, as documented here: http://projects.puppetlabs.com/issues/19241 To do with a leak within the KahaDB persistence layer of ActiveMQ. Specifically, there are reports of the db.data file growing unbounded: https://issues.apache.org/jira/browse/AMQ-3956 I''m hoping to find out information from other PuppetDB users to see if this is