I don't understand that last bit: "make sure the public cert of the puppetca is in the CA file on the puppetmaster (so it will trust the client)." How do I put the public cert of the puppetca into the puppetmaster?
On Mon, Nov 10, 2008 at 5:27 PM, RijilV <[EMAIL PROTECTED]> wrote:

> On 10 November 2008 14:04, Eugene Ventimiglia <[EMAIL PROTECTED]> wrote:
>
>> I'm having difficulty getting my head around some CA issues
>> My client has:
>> [puppetd]
>> ca_server=puppetca.mydomain.com
>>
>> and puppet resolves to a different machine.
>> when puppet connects, it requests a signature from puppetca.mydomain.com but
>> then on the next pass fails with the following:
>>
>> err: Could not retrieve catalog: Certificates were not trusted:
>> SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1 alert
>> unknown ca
>>
>> Is there something I have to do on the puppetmaster to tell it about the
>> other CA?
>> --e
>>
>
> Hrm, not sure I have enough information to help you out here. I'm going to
> make the following assumptions, please correct me if I'm wrong.
>
> puppetca: creates puppet client certs
> puppetmaster: another puppet master cert
> puppet client: created from the puppetca
>
> When the puppet client gets the cert from the puppetca, then tries to talk
> to the puppetmaster, it fails because the puppetmaster doesn't trust the
> client, and the client doesn't trust the puppetmaster. What you need to do
> is make sure the puppetmaster cert is signed by the puppetca (that will get
> the client trusting the master) and make sure the public cert of the
> puppetca is in the CA file on the puppetmaster (so it will trust the
> client).
>
> .r'
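
The trust relationship described in the quoted reply, reproduced with plain `openssl` in a temporary directory. This is an added example, not part of the thread or of Puppet itself; every CN and file name is constructed, and `master-cafile.pem` only stands in for whatever CA file your puppetmaster is configured to use.

```shell
#!/bin/sh
# Constructed demo: every CN and file name below is hypothetical.

# make_ca NAME: self-signed CA -> NAME.key / NAME.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue CA NAME SERIAL: key + cert for NAME, signed by CA
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -set_serial "$3" -days 1 -out "$2.crt" 2>/dev/null
}

# verdict BUNDLE CERT: print "trusted" if CERT chains to a CA in BUNDLE
verdict() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    then echo trusted; else echo unknown_ca; fi
}

# demo: prints three verdicts: client before, client after, master as seen by client
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        make_ca puppetca-demo            # stands in for the ca_server host
        make_ca master-own-ca-demo       # CA the master created for itself
        issue puppetca-demo client-demo 2
        issue puppetca-demo puppetmaster-demo 3

        # Before: the master's CA file knows only its own CA.
        cp master-own-ca-demo.crt master-cafile.pem
        before=$(verdict master-cafile.pem client-demo.crt)

        # Fix 1: append the puppetca public cert to the master's CA file.
        cat puppetca-demo.crt >> master-cafile.pem
        after=$(verdict master-cafile.pem client-demo.crt)

        # Fix 2: master cert signed by puppetca, so the client trusts it.
        master=$(verdict puppetca-demo.crt puppetmaster-demo.crt)
        echo "$before $after $master"
    )
    rm -rf "$dir"
}

demo   # prints: unknown_ca trusted trusted
```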