Puppet Certificate verify failed


Hugo Deprez

Mar 10, 2011, 9:18:10 AM
to puppet...@googlegroups.com
Hello,

I am trying to configure a new puppet server on Debian Squeeze, so the server version will be 2.6.2-4.
I am trying to configure a client running Lenny; the puppet version is 0.25.4-2.

I declare the new client with the command:

#puppetd --server puppet.domain.tld --waitforcert 60 --test

On the server:

#puppetca --sign client.domain.tld


When the client finishes executing the first command, I have the following output:


*****
info: Caching certificate for host.domain.tld
info: Retrieving plugin
info: Caching certificate_revocation_list for ca
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet://puppet.domain.tld/plugins
info: Caching catalog for host.domain.tld
info: Applying configuration version '1299765672'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
*****

Then if I run on the client :

# puppetd -vt

I get a certificate error:

*****
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

****

I read some posts about such errors; the date is in sync between the server and client (using the same NTP server).

Any help appreciated!

Hugo

joel.m...@gmail.com

Feb 11, 2013, 12:14:48 PM
to puppet-users
Yes, use a hostname that exists? puppet.domain.tld is just an example FQDN. Point it at the hostname of your puppet master.


On Mon, Feb 11, 2013 at 4:12 PM, Luigi Martin Petrella <luigima...@gmail.com> wrote:
I have the same issue right now trying to connect a puppet master on CentOS 6 and an agent on Red Hat 4.
Did you finally find a solution?

--
$ echo "kpfmAdpoofdufevq/dp/vl" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
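
The hostname point raised in the reply can be checked against the agent output quoted in the first message. The following is an added example, not code from the thread: it extracts the server name from the puppet:// URIs in each run and tests it against the names on the master's certificate. `triage`, `name_matches` and `MASTER_CERT_NAMES` are hypothetical names, and the certificate names are a constructed assumption because the thread does not show the master's certificate.

```python
import re

# Agent output excerpted from the two runs quoted in the first message.
FIRST_RUN = [
    "info: Caching certificate for host.domain.tld",
    "err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: "
    "Could not retrieve information from source(s) puppet://puppet.domain.tld/plugins",
]
SECOND_RUN = [
    "err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: "
    "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: "
    "certificate verify failed Could not retrieve file metadata for puppet://puppet/plugins",
    "err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 "
    "state=SSLv3 read server certificate B: certificate verify failed",
]

# Assumption: names carried by the master's certificate (constructed, not from the thread).
MASTER_CERT_NAMES = ["puppet.domain.tld"]

URI_HOST = re.compile(r"puppet://([^/\s:]+)")

def name_matches(host, pattern):
    """Case-insensitive match; a leading '*.' covers exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def triage(lines, cert_names):
    """Return (server names used, TLS verify failed?, names the certificate does not cover)."""
    servers = sorted({h for line in lines for h in URI_HOST.findall(line)})
    tls_failed = any("certificate verify failed" in line for line in lines)
    uncovered = [s for s in servers
                 if not any(name_matches(s, n) for n in cert_names)]
    return servers, tls_failed, uncovered

if __name__ == "__main__":
    for label, run in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        servers, failed, uncovered = triage(run, MASTER_CERT_NAMES)
        print(f"{label}: servers={servers} tls_failed={failed} not_in_cert={uncovered}")
```

A name listed under `not_in_cert` is one to compare with the names on the real master certificate before looking at other causes such as a mismatched CA or clock skew.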