Displaying 20 results from an estimated 3000 matches similar to: "HELP!!! puppet-enterprise-3.1.0-el-6-i386 master/agent test fails"
2011 May 17
2
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B
I ran in this problem an digged the net for a while to find a solution.
I have a fresh puppet install, and most nodes run fine but some exhibit
the following error:
err: Could not retrieve catalog from remote server: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
Hi!
I''ve installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm
supplied by yum.puppetlabs.com.
I''ve setup a apache2 vhost with mod_ssl and passenger. The server is
configured to autosign the cert requests.
The agent installed on the puppetmaster''s server works fine. I''ve a second
agent on a server which can sync with the server too. This
2011 Apr 06
4
SSL issues: Separate CA, multiple load balanced masters
Hi,
I''ve been at it for about 4 days now and I just can''t figure it out.
I''m getting the following error when running puppet agent on my
masters: SSL_connect returned=1 errno=0 state=SSLv3 read server
certificate B: certificate verify failed
At startup, I''m running ntpdate (I''ve read in a lot of places that
this error occurs when date between servers
2011 Oct 12
2
tlsv1 alert - unknown ca!
Hi,
I have setup puppet (2.7.5) on 2 different machines on ec2.
Puppet master config
1. Ruby - 1.9.3
2. OS - Amazon linux image
3. runs from root user
Puppet agent config
1. Ruby - 1.9.3
2. OS - centos
3. runs from root user
When i run the agent, it throws an error "unknown ca" (can been seen
in tcpdump/server logs) and closes the SSL connection immediately. I
tried following things
2013 Oct 18
1
'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
Hi, ppl
I dont know what to do.
I configure a new client do sync with my server. the server accept de
client_cert without errors and then when i run the "puppet agent -t" agaion
i got this error output
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read
server
2010 Jun 18
1
problems with puppetmaster using intermediate CA cert
Hi,
I''m trying to develop a manifest to setup a new puppet master. To solve
the SSL certificates I''ve created a root CA outside of puppet, and have
generated an intermediate CA for the new puppet master to use. I''ve also
configured my puppetmaster daemon to use it''s own ssl directory. So the
new puppetmaster is at the same time a client of the old puppet
2012 Aug 24
1
Getting issues while separating CA and master servers
I am trying to setup a different CA_server and master server.
I am following these links :
http://bodepd.com/wordpress/?p=7
http://docs.puppetlabs.com/guides/scaling_multiple_masters.html
Kindly help as am getting this error
info: Retrieving plugin
err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional
resources using ''eval_generate: SSL_connect returned=1
2013 Jun 12
4
certificate problem
When I try to connect to my new puppet master, I get an error because of
a self-signed certificate:
---snip---
# puppet agent --test --noop
Warning: Unable to fetch my node definition, but the agent run will
continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server
certificate B: certificate verify failed: [self signed certificate in
certificate chain for /CN=Puppet CA:
2013 Nov 06
1
PuppetMaster and Puppet Client in the same machine
Hi Dears,
I am installing the puppetmaster server and puppet client is running in the
same machine.
When i running : puppet agent --test --waitforcert 30
I received the error :
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using ''eval_generate'': SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed:
2012 Dec 28
1
err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
Hi,
I am trying to bootstrap a new agent from my master node as below.
puppet node_aws bootstrap \
--region us-east-1 \
--image ami-cc5af9a5 \
--login root \
--keyfile /root/.ssh/private.pem \
--install-script=puppet-enterprise \
--installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \
--installer-answers=/usr/local/puppet/agent.txt \
--keyname icos-client \
--type t1.micro
Node is created
2011 Mar 10
2
Puppet Certificate verify failed
Hello,
I am trying to configure a new puppet server on Debian Squeeze, so the
server version will be 2.6.2-4.
I am trying to configure a client running Lenny, the puppet version is
0.25.4-2
I declare the new client with the command :
#puppetd --server puppet.domain.tld --waitforcert 60 --test
on the server :
#puppetca --sign client.domain.tld
When the client finish to execute the first
2013 Jul 03
1
Certificate errors
Hi all,
I launched a Puppet service a few month ago and it did function pretty well
for some time.
Last week, I tried to clean old entries but I think I deleted too much
information as I can no more synchronize my clients.
I get a certificate error :
*[root@REBITPUPPET01 ~]# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will
continue:
Warning: SSL_connect
2009 Nov 04
2
Certificates Revocation Lists and Apache...
Hi,
already asked in the openssl mailing list, but just in case you already went through this...
I need a little help with Certificate Revocation Lists.
I did setup client certificates filtering with apache and it seem to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now).
I have a "CA" that is signing a "CA SSL".
Then, the "CA SSL" is
2012 Aug 10
3
SSL issues - certificate verify failed
Hello readers,
I have this little issue that my puppet client refuses to do anything
because of SSL validation errors. Maybe I''ll just post dump of what
happens, that makes it clear I hope. Does anyone have a suggestion why that
might happen? what I already checked:
On the master:
- Puppet and puppetmaster is running
- Something is listening on Port 8140 (although I cannot
2023 Jul 19
1
Samba 4 AD SmartCard Authentication Problem
Unfortunately this does not work.
Example: Yes, when i give it a few Days, the client will retrieve the
actual crl faster. But the auth still works.
I have tried it. I revoked an cert. Installed a new win10 client and
joined the domain. After login with the revoked p12 cert on a yubikey, i
can see he queries the CDP and still allows the login.
With certutil and a cert in DER format, i tried
2009 Mar 13
1
how to handle CA CRL updates with client certificate verification context ?
Hello,
As far as I can read in the Dovecot SSL configuration wiki page, each CA
cert must be followed by the related CA CRL in the client certificate
verification context ("ssl_ca_file" setting). In my company we do have
our own PKI and as soon as Client certificate is compromised we do
revoke it and update the related CA's CRL.
Does that mean that I have to issue a new
2019 Jun 16
2
Self-signed TLS client certificates
Dear List,
I self-host my e-mail and run Dovecot since ever I do that. Dovecot
version is 2.3.4.1 (f79e8e7e4), running on Debian testing.
Now I am trying to configure Dovecot for client TLS certificates. I have
a self-signed certificate whose private key resides on a smartcard
(Yubikey, to be exact). I wanted Dovecot to accept that TLS client
certificate instead of a password. So I searched and
2013 Jul 30
1
Puppet3 key exchange on RHEL6
I''m attempting to run Puppet 3.2.3 on RHEL6 and am running into key
problems.
The keys seem to be exchanged, or at least the puppet master receives the
key from the client:
lib_puppet2.library.nd.edu|root no_ora /var/lib/puppet 1029$ puppet cert
list --all
+ "puptest1.library.nd.edu" (SHA256)
2015 Jan 26
1
imap-login: Fatal: pipe() failed: Too many open files
I also keep on getting funny errors of dovecot EVEN THOUGH I
authenticated successfully through SMTP (Dovecto SASL) ?!?!
Just for debugging this entire issue I set those parameters:
debug_level = -1
auth_verbose = yes
auth_verbose_passwords = yes
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
verbose_ssl = yes
cat /var/loca/maillog
Jan 26 12:08:22 WM-01
2015 Feb 16
2
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki:
"The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required