PuppetDB remote connection not working with CURL but working with openssl
73 views
Skip to first unread message
Juan Sierra Pons
Aug 13, 2015, 5:44:59 AM8/13/15
to puppet...@googlegroups.com
Hi,
I am trying to query the puppetdb from a remote server using curl and
https without success.
I have already generated the certificates and move them the remote server.
Using openssl all works ok
First I launch the following command:
openssl s_client -connect puppetdb:8081 -CAfile ca.pem -cert
pentahotest.pem.cer -key pentahotest.pem.priv
Once the connection is stablished I send the url to get the results:
get /v3/nodes
[ {
"name" : "server1",
"deactivated" : null,
"catalog_timestamp" : "2015-08-13T09:12:44.087Z",
"facts_timestamp" : "2015-08-13T09:12:35.127Z",
"report_timestamp" : "2015-08-13T09:13:10.401Z"
}
[...]
So certificates are working ok. But If I use CURL with same
certificates it doesn't works
$ curl -vvv -sfG 'https://puppetdb:8081/v3/nodes' --cacert ca_crt.pem
--cert pentahotest.pem.cer --key pentahotest.pem.priv
* STATE: INIT => CONNECT handle 0x600057080; line 1075 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* Trying X.X.X.X...
* STATE: CONNECT => WAITCONNECT handle 0x600057080; line 1128 (connection #0)
* Connected to puppetdb (X.X.X.X) port 8081 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057080; line 1225
(connection #0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* error setting certificate verify locations:
CAfile: ca_crt.pem
CApath: none
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057080; line
1239 (connection #0)
* Expire cleared
* Curl_done
* Closing connection 0
* The cache now contains 0 members
Any idea what am I doing wrong?
Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
I am trying to query the puppetdb from a remote server using curl and
https without success.
I have already generated the certificates and move them the remote server.
Using openssl all works ok
First I launch the following command:
openssl s_client -connect puppetdb:8081 -CAfile ca.pem -cert
pentahotest.pem.cer -key pentahotest.pem.priv
Once the connection is stablished I send the url to get the results:
get /v3/nodes
[ {
"name" : "server1",
"deactivated" : null,
"catalog_timestamp" : "2015-08-13T09:12:44.087Z",
"facts_timestamp" : "2015-08-13T09:12:35.127Z",
"report_timestamp" : "2015-08-13T09:13:10.401Z"
}
[...]
So certificates are working ok. But If I use CURL with same
certificates it doesn't works
$ curl -vvv -sfG 'https://puppetdb:8081/v3/nodes' --cacert ca_crt.pem
--cert pentahotest.pem.cer --key pentahotest.pem.priv
* STATE: INIT => CONNECT handle 0x600057080; line 1075 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* Trying X.X.X.X...
* STATE: CONNECT => WAITCONNECT handle 0x600057080; line 1128 (connection #0)
* Connected to puppetdb (X.X.X.X) port 8081 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057080; line 1225
(connection #0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* error setting certificate verify locations:
CAfile: ca_crt.pem
CApath: none
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057080; line
1239 (connection #0)
* Expire cleared
* Curl_done
* Closing connection 0
* The cache now contains 0 members
Any idea what am I doing wrong?
Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
Juan Sierra Pons
Aug 13, 2015, 9:30:46 AM8/13/15
to puppet...@googlegroups.com
The problem was between the seat and the keyboard :P
I was using different ca names (ca_crt.pem != ca.pem)
Now it works perfectly
Best regard
I was using different ca names (ca_crt.pem != ca.pem)
Now it works perfectly
Best regard
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
Reply all
Reply to author
Forward
0 new messages