This error is printed from the client - e.g. the client doesn't trust the server..
It is possible to make it work with your setup, however I would not recommend to work this way, either have an external CA that signs for all puppetmasters, or use certificate chain, it simplifies the setup and troubleshooting... Cheers, Ohad On Wed, Jan 14, 2009 at 10:04 AM, Amos Shapira <amos.shap...@gmail.com>wrote: > > Oops. Replying to my own post, after re-reading one of the messages in > this group a few more times (http://groups.google.com/group/puppet- > users/msg/559819ffc956337e<http://groups.google.com/group/puppet-users/msg/559819ffc956337e>) > while waiting for my experiments to run I > finally realised that it's relevant to my too. > > It turned out that the $fileserver and $urlbase were still pointing to > the other server (ds501). So I think what happened is that ds502 got > the certificate request, I signed it, then the puppet clients accessed > it, got hold of the manifests and even the templates, but they tried > to fetch the files from ds501 (the "working" server) which didn't > recognise the client certificate and refused access. Once we fixed > $fileserver to point to the right server things started dancing again. > > TAKE AWAY from this (and other tackles by puppet problems): PLEASE > make it clear in the log messages where they are coming from and what > they complain about - is this error printed bythe puppet master? the > puppet client? Which host name? What string did it see in the > certificate vs. what did it expect? > > Thanks. > > --Amos > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
