client certificate issue
20 views
Skip to first unread message
Karel
May 7, 2015, 10:19:41 AM5/7/15
to puppet...@googlegroups.com
Hi,
I have a problem with a certificate on some servers.
C:\Program Files\Puppet Labs\Puppet Enterprise\bin>puppet agent -t
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 93:85:FC:CF:32:19:43:33:75:43:B0:43:D3:60:4C:69
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
puppet cert clean ..........
I would need to know if it is possible to track this issue from Puppet Master side. Is this communication logged somewhere to log files on Puppet Master servers?
I need to know a list of clients that have the problem with the cert.
Thanks,
Karel
I have a problem with a certificate on some servers.
C:\Program Files\Puppet Labs\Puppet Enterprise\bin>puppet agent -t
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: 93:85:FC:CF:32:19:43:33:75:43:B0:43:D3:60:4C:69
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
puppet cert clean ..........
I would need to know if it is possible to track this issue from Puppet Master side. Is this communication logged somewhere to log files on Puppet Master servers?
I need to know a list of clients that have the problem with the cert.
Thanks,
Karel
Felix Frank
May 13, 2015, 8:50:36 AM5/13/15
to puppet...@googlegroups.com
Hi,
there really is no way for the master to tell directly.
The best approach is to enable storing of reports (e.g. in PuppetDB) so
that you can monitor agent operation. Afflicted agents do not run and do
not report. Tools like Puppet Explorer can indicate this to you very
directly.
HTH,
Felix
there really is no way for the master to tell directly.
The best approach is to enable storing of reports (e.g. in PuppetDB) so
that you can monitor agent operation. Afflicted agents do not run and do
not report. Tools like Puppet Explorer can indicate this to you very
directly.
HTH,
Felix
Reply all
Reply to author
Forward
0 new messages