puppet 2.7.26 certificate verify failed master and client the same


Ed Deloye

Mar 5, 2015, 7:27:26 PM
to puppet...@googlegroups.com
I am building a new puppet master server and trying to get it to run puppet on itself.

I deleted everything in the /var/lib/puppet/ssl directory and generated a new cert.

I get this error:
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.internal.ZZZ.com]

The system name is gso0puppet01. Running puppet cert -la gives this output:
+ "gso0puppet01.internal.ZZZ.com" (F9:B1:00:23:FD:72:6C:F9:51:B9:CC:D8:BF:8B:25:9B) (alt names: "DNS:gso0puppet01.internal.ZZZ.com", "DNS:puppet", "DNS:puppet.internal.ZZZ.com")

and openssl x509 -issuer -subject -noout -in /var/lib/puppet/ssl/certs/ca.pem
issuer= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com
subject= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com

So it looks like the agent is trying to contact the old master server, puppetmaster. How can I make it use the new master server?

Thanks,
Ed

Felix Frank

Mar 6, 2015, 9:15:12 AM
to puppet...@googlegroups.com
Hi,

on the agent, try

puppet agent --configprint server

It likely indicates the FQDN of the old master. Change your puppet.conf
accordingly, so that the new FQDN is used instead.

[main]
server=gso0puppet01...

HTH,
Felix
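
The mismatch discussed in this thread can be confirmed by comparing the CA named in the agent's error with the subject of the agent's local ca.pem. The script below is an added example, not part of either post; the function names are hypothetical and the two sample values are copied from the first post.

```shell
#!/bin/sh
# Added example (not from the thread): compare the CA named in the agent's
# error with the CA the agent trusts locally.

# Both sample values are copied from the first post above.
ERR_LINE='err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.internal.ZZZ.com]'
CA_INFO='issuer= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com
subject= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com'

# CN of the CA that failed verification, taken from the end of the error line.
ca_from_error() {
    printf '%s\n' "$1" | sed -n 's|.*certificate chain for /CN=\(.*\)]$|\1|p'
}

# CN from "openssl x509 -subject -noout" output. Accepts the old
# "subject= /CN=..." form and the newer "subject=CN = ..." form.
ca_from_subject() {
    printf '%s\n' "$1" | sed -n 's|^subject= */\{0,1\}CN *= *\(.*\)$|\1|p'
}

# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if unparsable.
diagnose() {
    presented=$(ca_from_error "$1")
    trusted=$(ca_from_subject "$2")
    if [ -z "$presented" ] || [ -z "$trusted" ]; then
        echo "could not parse input"
        return 2
    fi
    if [ "$presented" = "$trusted" ]; then
        echo "same CA: $trusted"
        return 0
    fi
    echo "CA mismatch: server chain ends in '$presented', agent trusts '$trusted'"
    return 1
}

diagnose "$ERR_LINE" "$CA_INFO" || true
```

On a live agent, pass the captured error line and the output of the openssl command from the first post instead of the sample values.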