Displaying 20 results from an estimated 70000 matches similar to: "Same certificate on multiple identical machines ?"
2010 Jun 03
8
authenticating new nodes that are created by provisioning
Hey Folks,
I'm looking at doing automated provisioning of new servers and am trying to integrate puppet into this process. What I'm wondering though is what the best process for securely registering a new node is.
At the moment the first time puppet is run I have to then accept the certificate on the puppetmaster and then run puppet again.
What I would like to do is accept the
2013 Feb 16
22
How to manually create Puppet CA and client certificates using openssl?
I am wondering how to manually (using openssl instead of puppet cert
command) create CA that would be usable by Puppet? The goal would be to
script creation of such CAs to deploy them on multiple puppetmasters,
instead of certificates being created on them via puppet cert command.
Any ideas on how to do it? I was only able to find something like that:
2011 Oct 24
3
Important Security Announcement: AltNames Vulnerability [new version of puppet]
We have discovered a security vulnerability (“AltNames Vulnerability”)
whereby a malicious attacker can impersonate the Puppet master using
credentials from a Puppet agent node. This vulnerability cannot cross
Puppet deployments, but it can allow an attacker with elevated
privileges on one Puppet-managed node to gain control of any other
Puppet-managed node within the same infrastructure.
All
2010 Nov 13
12
certificate verify failed
I am banging my head against the wall for recently built hosts that
are unable to verify the server's certs. The usual is not working.
on the puppet agent machine:
find /var/lib/puppet/ssl -type f -delete
on puppet master:
puppetca --clean <new_host_cert>
on agent:
puppetd --server puppet --waitforcert 2 --no-daemonize -d -o
on puppet master:
puppetca --sign
2010 Mar 05
6
About autosigning and the FAQ entry
Hello!
The FAQ contains an entry about autosigning:
http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#why-shouldn-t-i-use-autosign-for-all-my-clients
It says:
> The certificate itself is stored, so two nodes could not connect with
the same CN
I tried this (using 0.25.4), and actually, that doesn't seem to be
correct. I was able to run puppetd on two different
2007 Nov 02
5
Odd SSL Error
I have one puppet complaining -
Could not retrieve configuration: Certificates were not trusted: block
type is not 01
Puppetmaster and puppets are CentOS 4.5 and I use the Lutter rpms of
23.2, anyone ever see this?
Thx
Tim
2007 Oct 10
17
Warning for Fedora Core users
Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7,
is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation,
and there was a similar report from someone else.
Communications between the puppetmasterd and the puppetd running on
the same host broke down with the message:
Could not retrieve configuration: Certificates were not trusted: hostname
not match with
2011 Dec 13
6
Is there a way to push/copy a file from client to master ?
I am dealing with SSL certificates for secure rsyslog that need to be created on each machine and then collected onto the logging server.
Getting a file from puppetmaster to client is trivial, but how do I reverse the process ?
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)
2013 Feb 06
12
Certificate nightmares
I think I really hosed my certificates somehow this morning trying to get
PuppetDB and Puppet talking again -- here's where I stand.
My Puppet master and PuppetDB are again talking, or at least, aren't
complaining about communication.
From my puppet master, I can run "puppet agent -t", and it runs just fine.
From any other node on which puppet had been running, I
2011 Dec 16
12
Separate CA's/Master behind load balancer
Hello,
Attempting to set up a CA primary/standby as well as separate
puppetmaster servers (all running Apache/Passenger) behind another
Apache/Passenger type load balancer.
Clients are not getting certs:-
err: Could not request certificate: Could not intern from s: nested
asn1 error
Clearly an SSL issue but not something I know a great deal about.
loadbalancer.conf
# Puppet Load Balancing
2009 Nov 13
2
Multihomed puppet-server Multidomain SSL Problem
Hello List,
I have a problem with the CA on my Puppetmaster. This Puppetmaster is
connected to different networks with different subdomain names. The Puppet
clients connect via different interfaces. There is no routing between
subnets. Only one subnet can connect successfully. This is because the
subject in the Certificate is the name of this subnet. All other clients get:
Could not
2013 Apr 11
3
Understanding how Puppet SSL works !
I revoked the certificate of one of the clients by issuing the following
command on puppetmaster :
puppet cert clean <hostname>
Then tried to access the catalog from <hostname> via :
puppet agent --server=puppet ....
and I can still access the catalogs from the master without any error.
I checked that the certificate is no longer there in the puppetmaster for
this
2011 Nov 02
5
Puppet certificate
I'm running in circles with this issue... I accidentally did a 'puppetca --clean --all' and lost all certificates. I was able to get the puppetmaster running and re-created certificates for the client system, but I get the following error:
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for w0f.lagged.com
info:
2008 Dec 04
4
puppetmaster built via puppetd
hi,
I'm trying to set up my puppetmaster infrastructure with multiple
puppetservers behind load balancers in each of our datacenters. I'm
using 0.24.6. I've read the howto on puppet scalability, and I think
I've got the ssl config working correctly, but I'm noticing that when
puppetd is used to build a puppetmaster, some of the files in $vardir/
ssl
2008 Nov 10
12
CA_Server woes
I'm having difficulty getting my head around some CA issues
My client has:
[puppetd]
ca_server=puppetca.mydomain.com
and puppet resolves to a different machine.
when puppet connects, it requests a signature from
puppetca.mydomain.com but then on the next pass fails with the
following:
err: Could not retrieve catalog: Certificates were not trusted: SSL_connect
returned=1 errno=0
2013 Feb 11
27
Certificate verify fails without indications
I have a puppet master on Centos 6.3 connected and working properly with
other Centos 6.3 agent. I installed puppet agent via gems on a RED HAT 4
node. This is what happens when I try to sign certificate for the new node:
AGENT
[root@FP2 ~]$ puppet agent -t Info: Creating a new SSL key for fp2 Info:
Caching certificate for ca Info: Creating a new SSL certificate request for
fp2 Info:
2006 Oct 18
19
Creating client certificates
I am testing Puppet 0.19.3. If we decide to use it, we'd deploy it
across several thousand hosts. The method for creating
client certificates described in the documentation - running
"puppetd --server <server> --waitforcert 60 --test" and "puppetca
--sign <client>" - is not practical for our installation. I've
tried creating
2012 Jun 14
15
Problem with Load Balancing Puppet masters with Apache mod_proxy
I have a single LB running Apache with mod_proxy in front of a Puppet
master. These are the LB and Puppet master configs:
<Proxy balancer://puppetmaster>
BalancerMember http://192.168.1.10:8140
</Proxy>
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite
2012 Nov 29
7
Puppet CA corruption
Hello everyone,
Just getting my first puppet master set up and I am having a problem that I
just do not know how to get past. For some reason, my certificate store
keeps getting corrupted. Basically what happens is that the server will
issue itself a valid certificate (after removing the 'bad' cert) and will
run just fine. When I start puppetDB (I am pretty sure it happens
2012 Feb 27
1
Using puppet cert generate on a client -- why doesn't this work?
I'm running a two-headed puppetmaster and have disabled CRLs. Let's
call them the primary and the secondary. The primary and secondary
both use the primary as their master. The secondary only is used when
the primary isn't responding (I wrap the puppetd call in cron with a
short shell script)
I'm managing these ca files on the masters, pushing