similar to: Creating certificates with puppetca with puppet.example.com as CommonName

Hi All, I''ve been trying to resolve the SSL issue as described on the link at the bottom. I understand the issue and I''ve tried to implement all the different patches (one at a time .. :-). However for most of them there are either files missing or code not found in the files. It seems this is due to a version difference in Puppet. The docs and patches seem to be for the

Greetings! Are there any plans of using Kerberos for authentication in addition to (or in place of) SSL certificates in Puppet? Kerberos provides mutual, cryptographically strong authentication. A number of different services are Kerberos-enabled (SSH, NFSv4 and HTTP are common examples), and thus use the same authentication mechanism system-wide. At our site, almost all services and users are

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey, would it be very hard to improve file''s source parameter to support downloading a file from a http server? I got some quite huge files (~100MB) to distribute and update on each of the servers, so doing this with puppet:// is a mess (and mostly failes with the known buffer error). Yours, Phillip -----BEGIN PGP SIGNATURE----- Version:

Hi all puppet-Users, i try to get my first puppet installation up and running. (puppet-0.24.5, ruby-1.8.5) everything works as expected witch puppetmasterd + puppetd on the same machine. but i''ve problems connecting to the puppet-server from any client host. all i get is the error ------------ debug: Calling puppetca.getcert err: Could not call puppetca.getcert:

I am using Puppet 0.23.2 I am trying to add a new client -- v26.domain.com This is what I am doing from client side - v26.doamin.com #puppetd --test info: Creating a new certificate request for v26.domain.com info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/v26.domain.com.pem warning: peer certificate won''t be verified in this SSL session. notice: No

Hi - I a ran puppetd -vt against a brand newly build host (which is what I normally do for a new host) and got the usual message: err: No certificate; running with reduced functionality. info: Creating a new certificate request for sega-dev-1. info: Requesting certificate On the puppetmaster, I then list the waiting host with: puppetca --list then sign the key. In this case, I decided that the

All, I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl. Anyone know why? Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email

Hello I have a puppetmasterd installation running on a Mac OS X 10.6.3 Server with puppet installed via macports. Earlier today it was happily signing requests, before I upgraded puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument": bash-3.2# puppetca --sign bouti.carbonplanet.com bouti.carbonplanet.com err: Could not call sign: Invalid argument The only mention I can find on

Currently the puppetca CA password is set to ''secret'' How would one go about changing it? I agree with puppetlabs documentation that you should be an SSL expert to implement your own CA. I am not. However I would like to use puppet''s CA PKI infrastructure with ActiveMQ over TLS and it is seems logical to use puppet''s KPI with this for mcollective and

Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never able to generate a certificate because my server never shows any pending certificate requests. Put differently, on the server I am running puppetmasterd and on the client I am able to connect to the server, but the client continues printing notice: Did not receive certificate warning: peer certificate

Hi @all, i have a foreman-proxy server, build from scratch, works fine and i can build unattended hosts. I don''t want to configure all my foreman-proxys manually, so i build them in puppet, and only setup the OS (SL) and basic puppet config manually. I can run the puppet configuration sucsessfully, my config is exactly what i want, but i am unable to build unattended hosts anymore,

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

Is there a Best Practices method for doing this? :) I''m trying to configure clients by ssh''ing to them from the puppetmaster. My steps are: ssh $host ''svccfg import ...'' sleep puppetca --sign $host scp namespaceauth.conf $host ssh $host ''svcadm restart puppet'' The problem is that I''d like to stop and log an error if the cert signing

So set up new node, ran on the client puppetd --server puppetmaster --waitforcert 60 --test on the puppetmaster itself I ran puppetca --list saw the hostname and then ran: puppetca --sign hostname.domain.com and on the puppet node itself I went back and ran puppetd -tv and get the following error: err: Could not retrieve catalog from remote server: certificate verify failed warning: Not

I have a problem I can''t figure out. I was having cert problems with a host - it seemed to have multiple host names (mot likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up -

I restarted puppetmasterd and it announced that the Cert does not match existing key ! [root@puppet ~]# puppetmasterd --verbose --no-daemonize info: Starting server for Puppet version 0.24.1 info: mount[files]: allowing 10.100.0.0/16 access info: mount[files]: allowing *.gridapp.com access info: mount[files]: allowing *.dev.gridapp.com access info: Retrieving existing certificate for

Hello, I have seen via google that this very problem was already discussed on this and other lists some months ago, but the archives report no solution. I have dovecot 1.0-0_12.beta8 on Centos 4.3. IMAP works just fine: I can read email from both Squirrelmail via web and Kmail. Now I have created an ssl certificate and I'm trying to use it via pop3. When I launch fetchmail I get the error

Greetings, I have seen via google that this very problem was already discussed on several lists some months ago, but the archives report no solution. I have a remote server with dovecot 1.0-0_12.beta8 on Centos 4.3. IMAP works just fine: I can read email from both Squirrelmail via web and Kmail. Now I have created an ssl certificate on the server, and I'm trying to retrieve email via pop3s

I''m having difficulty getting my head around some CA issues My client has: [puppetd] ca_server=puppetca.mydomain.com and puppet resolves to a different machine. when puppet connects, it requests a signature from puppetca.mydomain.combut then on the next pass fails with the following: err: Could not retrieve catalog: Certificates were not trusted: SSL_connect returned=1 errno=0

Hello, I try to install puppet on freebsd 6.X. All is well but i cannot get the certificte to install and be recognized. I run .19.3. I run the puppetd --test --waitforcert 60 then sign and then i got: err: No certificate; running with reduced functionality. info: Creating a new SSL key at /usr/local/.aqadmin/puppet/conf/ssl/private_keys/xxxxxxxxxxxxxx.pem info: Creating a new certificate