PuppetDB not send fact to Dashboard - state=SSLv3 read server session ticket A: tlsv1 alert unknown ca

[Stella]

Hi guys,

I got so many problems this weekend for my puppet 3.6.2 with dashboard and puppetdb!

On PuppetDashboard, I want to check facts for a host, but errro:

Inventory
Could not retrieve facts from inventory service: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca

Then I did two things, trying to fix:
1. I followed instruction in this link and add ssl-protocols line to puppetdb's jetty.ini file:
http://puppetlabs.com/blog/impact-assessment-sslv3-vulnerability-poodle-attack

#SSL protocols to use
ssl-protocols = TLSv1, TLSv1.1, TLSv1.2

2. I followed instruction in this link to reinitialize my ssl setup by running /usr/sbin/puppetdb ssl-setup -f
https://docs.puppetlabs.com/puppetdb/latest/puppetdb-faq.html

But no luck. Still same problem. Any clue?

Thanks a million!!!

Stacey

[Ryan Senior]

It would be good to isolate where the problem is. You can check the PuppetDB side of things using curl with the additional cert flags discussed at [1]. Can you connect using tlsv1 like the example has? You can also change that last flag from --tlsv1 to --sslv3 to verify that sslv3 is not working after you made the change.

[1] - https://docs.puppetlabs.com/puppetdb/2.2/api/query/curl.html#using-curl-from-remote-hosts-sslhttps

-Ryan

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d918a3bb-fe83-4a46-b19a-551687f7a43c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Stella]

Thank you Ryan! I figured it out. I accidentally cleaned up the ssl certificate for Dashboard in puppetdb. Once I regenerate it, it is working now.