Key exchange happens, but policy hub rejects client for bad key

[Louis Gillette]

During the bootstrapping operation, things seem to go fine except the client gets hung up on after the key exchange.

 verbose: Saving public key to file '/var/cfengine/ppkeys/root-MD5=c8b82145cfe652a7f4080f236e9e3e77.pub'
   debug: TLSRecvLines(): CFE_v2 cf-serverd 3.10.0.
   error: Connection unexpectedly closed (SSL_read): socket closed
   error: Connection was hung up while receiving line:
   error: Connection was hung up during identification! (3)
 verbose: Connection to {policy_hub_ip} is closed
    info: Unable to establish connection to '{policy_hub_ip}'
   error: No suitable server found

When I check the logs on the policy server though, it says the key presented from the client is bad

Jan 26 18:50:02 engine cf-serverd[3996]: CFEngine(server)  {client_ip}> TRUST FAILED, peer presented an untrusted key, dropping connection!

Any idea what's going on here?

[Neil Watson]

Is the client key from a previous bootstrap? Servers can be configured
to not trust repeat keys.

--
Neil H Watson @neil_h_watson
CFEngine reporting: https://github.com/neilhwatson/delta_reporting
CFEngine policy: https://github.com/neilhwatson/evolve_cfengine_freelib
CFEngine and vim: https://github.com/neilhwatson/vim_cf3

[Louis Gillette]

I removed the keys before regenerating them. Then I tried bootstrapping; the results are posted above.

[Alex Georgopoulos]

Have you tried running cf-serverd in the forground with verbose to see what it says when you attempt to bootstrap?  cf-serverd -F -v