Displaying 20 results from an estimated 2000 matches similar to: "Creating certificates with puppetca with puppet.example.com as CommonName"
2007 Dec 10
3
Is the SSL issue solvable for (the apt-get) Puppet version 0.20.1 ??
Hi All,
I''ve been trying to resolve the SSL issue as described on the link at the
bottom. I understand the issue and I''ve tried to implement all the different
patches (one at a time .. :-). However for most of them there are either
files missing or code not found in the files. It seems this is due to a
version difference in Puppet. The docs and patches seem to be for the
2007 Dec 19
7
Kerberos for authentication?
Greetings!
Are there any plans of using Kerberos for authentication in addition to (or
in place of) SSL certificates in Puppet?
Kerberos provides mutual, cryptographically strong authentication. A number
of different services are Kerberos-enabled (SSH, NFSv4 and HTTP are common
examples), and thus use the same authentication mechanism system-wide. At our
site, almost all services and users are
2007 Dec 18
5
improving "file" to support http
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey,
would it be very hard to improve file''s source parameter to support
downloading a file from a http server?
I got some quite huge files (~100MB) to distribute and update on each of
the servers, so doing this with puppet:// is a mess (and mostly failes
with the known buffer error).
Yours, Phillip
-----BEGIN PGP SIGNATURE-----
Version:
2008 Aug 29
3
Could not call puppetca.getcert: #<Errno::EHOSTUNREACH: No route to host
Hi all puppet-Users,
i try to get my first puppet installation up and running.
(puppet-0.24.5, ruby-1.8.5)
everything works as expected witch puppetmasterd + puppetd on the same
machine.
but i''ve problems connecting to the puppet-server from any client
host.
all i get is the error
------------
debug: Calling puppetca.getcert
err: Could not call puppetca.getcert:
2007 Nov 30
2
Puppetca issue - not working
I am using Puppet 0.23.2
I am trying to add a new client -- v26.domain.com
This is what I am doing from client side - v26.doamin.com
#puppetd --test
info: Creating a new certificate request for v26.domain.com
info: Creating a new SSL key at
/var/lib/puppet/ssl/private_keys/v26.domain.com.pem
warning: peer certificate won''t be verified in this SSL session.
notice: No
2007 Oct 09
9
puppetca is unable to sign certificate
Hi - I a ran puppetd -vt against a brand newly build host (which is
what I normally do for a new host) and got the usual message:
err: No certificate; running with reduced functionality.
info: Creating a new certificate request for sega-dev-1.
info: Requesting certificate
On the puppetmaster, I then list the waiting host with: puppetca
--list then sign the key. In this case, I decided that the
2011 Mar 31
5
puppetca and /etc/puppet/ssl
All,
I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and
/etc/init.d/puppet files, vardir set to /var/lib/puppet in
/etc/puppet/common/puppet.conf, and yet, every time I run puppetca it
creates /etc/puppet/ssl. Anyone know why?
Doug.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email
2010 Jun 15
8
puppetca unable to sign new certs - Invalid argument error
Hello
I have a puppetmasterd installation running on a Mac OS X 10.6.3
Server with puppet installed via macports.
Earlier today it was happily signing requests, before I upgraded
puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument":
bash-3.2# puppetca --sign bouti.carbonplanet.com
bouti.carbonplanet.com
err: Could not call sign: Invalid argument
The only mention I can find on
2012 Jan 09
0
Changing the puppetca CA password
Currently the puppetca CA password is set to ''secret''
How would one go about changing it? I agree with puppetlabs
documentation that you should be an SSL expert to implement your own
CA. I am not. However I would like to use puppet''s CA PKI
infrastructure with ActiveMQ over TLS and it is seems logical to use
puppet''s KPI with this for mcollective and
2011 Feb 15
11
Puppetmasterd not receiving certificate request
Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never
able to generate a certificate because my server never shows any
pending certificate requests.
Put differently, on the server I am running puppetmasterd and on the
client I am able to connect to the server, but the client continues
printing
notice: Did not receive certificate
warning: peer certificate
2012 Mar 26
0
puppetca trouble (The certificate retrieved from the master does not match the agent's private key)
Hi @all,
i have a foreman-proxy server, build from scratch, works fine and i can
build unattended hosts.
I don''t want to configure all my foreman-proxys manually, so i build them
in puppet, and only setup the OS (SL) and basic puppet config manually.
I can run the puppet configuration sucsessfully, my config is exactly what
i want, but i am unable to build unattended hosts anymore,
2008 Nov 19
2
Could not request certificate: Certificate does not match private key
hello,
I''ve just added a new client to an existing configuration but cannot
get it recognised. Both client and server are running 0.24.5,
installed on gentoo linux using portage.
This is what I dis:
Server:
/etc/init.d/puppetmaster start
* Starting
puppetmaster ...
[ ok ]
Client:
puppetd --test
warning: peer certificate won''t be verified in this SSL session
notice: Did not
2006 Dec 19
2
Automating client setups
Is there a Best Practices method for doing this? :)
I''m trying to configure clients by ssh''ing to them from the
puppetmaster. My steps are:
ssh $host ''svccfg import ...''
sleep
puppetca --sign $host
scp namespaceauth.conf $host
ssh $host ''svcadm restart puppet''
The problem is that I''d like to stop and log an error if the cert
signing
2011 Mar 24
3
err: Could not retrieve catalog from remote server: certificate verify failed
So set up new node, ran on the client
puppetd --server puppetmaster --waitforcert 60 --test
on the puppetmaster itself I ran
puppetca --list
saw the hostname
and then ran:
puppetca --sign hostname.domain.com
and on the puppet node itself I went back and ran puppetd -tv
and get the following error:
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not
2010 Apr 21
3
revoked host can't be re-added?
I have a problem I can''t figure out. I was having cert problems with a
host - it seemed to have multiple host names (mot likely from dns
changes in the past) and all the certs were valid. Although it was
giving an error about a cert I could not identify. So I tried:
puppetca --revoke hostname
puppetca --clean hostname
restart puppetmaster
puppetca --list --all
(host does not show up -
2008 Jan 02
4
Puppetmaster doesn''t know itself
I restarted puppetmasterd and it announced that the Cert does not match
existing key !
[root@puppet ~]# puppetmasterd --verbose --no-daemonize
info: Starting server for Puppet version 0.24.1
info: mount[files]: allowing 10.100.0.0/16 access
info: mount[files]: allowing *.gridapp.com access
info: mount[files]: allowing *.dev.gridapp.com access
info: Retrieving existing certificate for
2006 Jun 13
1
Server CommonName mismatch: localhost.localdomain
Hello,
I have seen via google that this very problem was already discussed on
this and other lists some months ago, but the archives report no solution.
I have dovecot 1.0-0_12.beta8 on Centos 4.3. IMAP works just fine: I
can read email from both Squirrelmail via web and Kmail.
Now I have created an ssl certificate and I'm trying to use it via
pop3.
When I launch fetchmail I get the error
2006 Jun 13
1
SSL: Server CommonName mismatch: localhost.localdomain
Greetings,
I have seen via google that this very problem was already discussed on
several lists some months ago, but the archives report no solution.
I have a remote server with dovecot 1.0-0_12.beta8 on Centos 4.3. IMAP
works just fine: I can read email from both Squirrelmail via web and
Kmail.
Now I have created an ssl certificate on the server, and I'm trying to
retrieve email via pop3s
2008 Nov 10
12
CA_Server woes
I''m having difficulty getting my head around some CA issues
My client has:
[puppetd]
ca_server=puppetca.mydomain.com
and puppet resolves to a different machine.
when puppet connects, it requests a signature from
puppetca.mydomain.combut then on the next pass fails with the
following:
err: Could not retrieve catalog: Certificates were not trusted: SSL_connect
returned=1 errno=0
2006 Nov 02
6
certificate not trusted
Hello,
I try to install puppet on freebsd 6.X. All is well but i cannot get
the certificte to install and be recognized. I run .19.3.
I run the puppetd --test --waitforcert 60
then sign
and then i got:
err: No certificate; running with reduced functionality.
info: Creating a new SSL key at
/usr/local/.aqadmin/puppet/conf/ssl/private_keys/xxxxxxxxxxxxxx.pem
info: Creating a new certificate