Displaying 20 results from an estimated 5000 matches similar to: "puppetca trouble (The certificate retrieved from the master does not match the agent's private key)"
2008 Nov 19
2
Could not request certificate: Certificate does not match private key
hello,
I've just added a new client to an existing configuration but cannot
get it recognised. Both client and server are running 0.24.5,
installed on gentoo linux using portage.
This is what I did:
Server:
/etc/init.d/puppetmaster start
* Starting
puppetmaster ...
[ ok ]
Client:
puppetd --test
warning: peer certificate won't be verified in this SSL session
notice: Did not
2007 Oct 09
9
puppetca is unable to sign certificate
Hi - I ran puppetd -vt against a brand newly built host (which is
what I normally do for a new host) and got the usual message:
err: No certificate; running with reduced functionality.
info: Creating a new certificate request for sega-dev-1.
info: Requesting certificate
On the puppetmaster, I then list the waiting host with: puppetca
--list then sign the key. In this case, I decided that the
2007 Dec 08
6
Creating certificates with puppetca with puppet.example.com as CommonName
Greetings!
As you undoubtedly know, the fixes for CVE 2007-5162 in ruby break
installations where puppetca has created certificates with a CommonName
different from the server's real hostname. The Puppet clients quite correctly
complain about hostname mismatch.
A number of better and worse solutions have been suggested for this problem,
especially in ticket #896. IMHO, there are two good
2009 Nov 04
0
Announcement: Foreman 0.1-2 is out
Hello All,
I'm happy to announce the next stable release of Foreman (0.1-2), main new
features include:
- General
- LDAP / AD Authentication support.
- Audit Log - keeps information about changed host values (e.g. host
environment, external node parameters etc).
- Added Puppet module for installing/managing foreman
- Puppet Reports
- Added a basic
2014 Oct 24
1
What is a client certificate?
A very ignorant question, sans doute.
I get my certificates from cacert.org, to whom I am very grateful.
I follow what I take to be the official procedure,
first creating <server>.key and <server>.csr on my server
and then getting <server>.crt by going to Server Certificate=>New
at the cacert site.
I then place the key certificate *.key in /etc/pki/tls/private/
and what I
2011 Mar 22
13
Foreman 0.2 Release Candidate
Hello All,
I'm happy to announce a new release candidate of Foreman, top highlights
for this release include:
* New look and feel
* Extended restful API
* Support for New Puppet Reports format
* Full VM/physical host Provisioning
* Powerful template generator ( pxelinux, gpxe, kickstart, preseed, grub
etc..)
* introduce a new service called smart proxy (which can run on remote
2012 Jan 09
0
Changing the puppetca CA password
Currently the puppetca CA password is set to 'secret'
How would one go about changing it? I agree with puppetlabs
documentation that you should be an SSL expert to implement your own
CA. I am not. However I would like to use puppet's CA PKI
infrastructure with ActiveMQ over TLS and it seems logical to use
puppet's KPI with this for mcollective and
2017 Nov 23
0
Cluster installation CentOS 7.4 network problems
Hi there,
after using Foreman successfully on our clusters for more than a year. I'd
like to reinstall a 90 node cluster with Centos 7.4. It's now running on
Centos 7.3 . I'm not able to just update to 7.4 because of zfsonlinux
dependencies and well - some nodes died and had to bare metal install them.
So I was able to install these nodes successfully by pxe-booting and
using a
2007 Nov 30
2
Puppetca issue - not working
I am using Puppet 0.23.2
I am trying to add a new client -- v26.domain.com
This is what I am doing from client side - v26.doamin.com
#puppetd --test
info: Creating a new certificate request for v26.domain.com
info: Creating a new SSL key at
/var/lib/puppet/ssl/private_keys/v26.domain.com.pem
warning: peer certificate won't be verified in this SSL session.
notice: No
2008 Aug 29
3
Could not call puppetca.getcert: #<Errno::EHOSTUNREACH: No route to host
Hi all puppet-Users,
i try to get my first puppet installation up and running.
(puppet-0.24.5, ruby-1.8.5)
everything works as expected with puppetmasterd + puppetd on the same
machine.
but i've problems connecting to the puppet-server from any client
host.
all i get is the error
------------
debug: Calling puppetca.getcert
err: Could not call puppetca.getcert:
2011 Jun 17
7
Questions for puppet 2.6.8 client certificate management
How do I initiate a certificate request without going into non-daemon mode ?
According to "Pro Puppet" book, so far the only way I know that can
trigger a certificate request with puppet master is like this
puppet agent --server=puppetmaster.test.com --no-daemonize --verbose
but doing so will break my intention of automation I need to create a
puppet client package. A control-C is
2011 Jan 10
1
Could not call puppetca.getcert HTTP-error: 500
Hello,
Puppet client is receiving the 500 error when trying to talk to the
puppetmaster server.
Apache error log on the server shows ->
Could not prepare for execution: Got 1 failure(s) while initializing:
change from absent to file failed: Could not set 'file on ensure:
Permission denied - /var/lib/puppet/log/masterhttp.log
Permissions on this file are open and the file is owned
2008 Nov 18
1
puppetca and openvpn ...
Has anyone attempted to get openvpn to work with puppet's certificates?
I am thinking that it should work without too much fuss.
My current openvpn implementation uses the following certificates and
beside these are what i think would be the appropriate puppet ones.
openvpn server:
ca /etc/openvpn/ca.crt -> /var/lib/puppet/ssl/certs/ca.pem
cert /etc/openvpn/fqdn.crt ->
2010 Feb 18
14
Rebuilding machines from foreman
Hello,
I ran into this problem today, I am trying to implement "One click
installation", I followed foreman howtos and set up the pre-requisites
accordingly.
However, when I click on "Build" button, I get the following errors in the
foreman's console and another error in the web interface indicating that the
installation failed. Any ideas?
*"PuppetCA: SSL/CA or
2011 Apr 18
4
Certificate request does not match existing certificate
Hello there,
I have a problem while I'm trying to puppetize a client, I get this
error:
err: Could not request certificate: Certificate retrieval failed:
Certificate request does not match existing certificate; run 'puppetca
--clean puppetclienttest.sl.ss'.
I checked
-Shutdown puppet on client/server side, delete ssl/ dir to regenerate
certificate.
-Be sure that the
2012 Feb 29
3
Private key troubles after a new install and a reboot
Ok, I'm new to puppet, but I've got everything working for my setup.
Almost.
I'm trying to set up a new server, using cobbler, and then puppet.
CentOS 6.2
Puppet 2.7.11
Cobbler 2.0.11
I have things set up so I can use kickstart to install the server on
boot. It installs puppet and facter from the puppetlabs repos and the
snippet
2011 Jan 06
7
Certificate / Private Key Mismatch
Hi,
When I start puppetd on my client machine I get this message in /var/
log/messages:
Parsing /etc/puppet/puppet.conf
reopening log files
could not request certificate; retrieved certificate does not match
private key;
Please remove certificate from server and regenerate it with current
key
Could not retrieve catalog from remote server
Using cached catalog
Could not retrieve catalog
2011 Mar 24
3
err: Could not retrieve catalog from remote server: certificate verify failed
So set up new node, ran on the client
puppetd --server puppetmaster --waitforcert 60 --test
on the puppetmaster itself I ran
puppetca --list
saw the hostname
and then ran:
puppetca --sign hostname.domain.com
and on the puppet node itself I went back and ran puppetd -tv
and get the following error:
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not
2013 Jun 12
0
Edit the Kickscript
My Foreman is now getting past creating a vm and doing the tftp config.
When I look at the location in the pxeboot
configuration http://foreman/unattended/provision is black. How do i edit
the master template that looks at ?
Additionally the initrd & vmlinuz files are both 0 bytes, is there anything
specific i have to do to make sure it can see these files, I can see them
in my web
2013 Aug 12
0
Asterisk WebRTC Support : WSS connection setup fails with error:00000000
Hi,
I'm trying to connect to the asterisk pbx via wss, from sipml5.org
demo page (http://sipml5.org/call.htm).
I used the guide from
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial ,
to setup the tls.
I could make a secure sip call ( SRTP) using the PhonerLite sip
client. ( This confirms my sip - tls settings and tls certificates. (
I'd added the tls client certificate