If you used the Solaris blastwave packages, it might be that your certs are in a different directory... check your puppet configs for where your ssl dir is (could be /etc/puppet/ssl, /var/lib/puppet/ssl, /opt/csw/etc/puppet/ssl .....)
Cheers, Ohad On Tue, Feb 10, 2009 at 6:29 AM, chakkerz <chakk...@gmail.com> wrote: > > Ok, i've re-read > http://reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity > and some things fell into place (though it still doesn't work :) ) > > So the CA here is my host puppetbeta which is the master. On it i > signed the cert that the puppetsun generated when i ran `puppetd -- > test` , using `puppetca --sign puppetsun... ` and when i run `puppetca > --list --all` it's happily there. > > Just to be sure though, (going on my former interpretation of 'signed' > as 'created') i did the `puppetca --generate puppetsun` and then > copied > r...@puppetsun:/var/lib/puppet/ssl# find ./ > ./ > ./private_keys > ./private_keys/puppetsun.its.uq.edu.au.pem > ./certs > ./certs/ca.pem > ./certs/puppetsun.its.uq.edu.au.pem > > ^ these. Upon running puppetd -vt i get: > r...@puppetsun:/var/lib/puppet# /opt/csw/bin/puppetd -vt > info: Retrieving plugins > warning: Certificate validation failed; consider using the certname > configuration option > err: /File[/var/lib/puppet/lib]: Failed to generate additional > resources during transaction: Certificates were not trusted: > SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: > certificate verify failed > warning: Certificate validation failed; consider using the certname > configuration option > err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of > resource: Certificates were not trusted: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify > failed Could not describe /plugins: Certificates were not trusted: > SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: > certificate verify failed > err: Could not retrieve catalog: private method `chomp' called for > nil:NilClass > > which remains the exact same error. > > The two versions i'm running are: > Master: > [r...@puppetbeta ssl]# puppet --version > 0.24.7 > > Slave: > r...@puppetsun:/opt/csw/bin# ./puppet --version > 0.24.7 > > What's the certname option it talks about? > > cheers > chakkerz > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
