Actually, the problem was solved once the hostnames are the same as the cert names.
On May 20, 12:18 pm, Luke Kanies <l...@madstop.com> wrote: > On May 19, 2009, at 8:07 PM, Drew Morone wrote: > > > > > Having a problem with cert negotiation between client and server. > > > client: > > CentOS 4.4 > > 2.6.9 kernel > > ruby 1.8.1-7 > > puppet 0.24.8 > > > Server: > > Debian 4 > > 2.6.9 kernel > > ruby 1.8.7 > > 0.24.8-1 > > > Client: > > Launch puppetd with -w30 > > > Server: > > puppetca --list shows client server. I puppetca --sign it. > > > Then on the client, I get this: > > notice: Got signed certificate > > notice: Starting Puppet client version 0.24.8 > > debug: Loaded state in 0.03 seconds > > debug: Retrieved facts in 0.81 seconds > > debug: Retrieving catalog > > debug: Calling puppetmaster.getconfig > > warning: Certificate validation failed; consider using the certname > > configuration option > > err: Could not retrieve catalog: Certificates were not trusted: > > certificate verify failed > > > I've checked the time on both servers. they are the same. > > I've checked the cert on both servers w/ openssl verify. they are > > good. > > > Any ideas? > > Which certificate did you check on the client, and how did you do it? > > It *might* be the fact that your client is using ruby 1.8.1, but I > doubt it. > > -- > Life isn't fair. It's just fairer than death, that's all. > -- William Goldman > --------------------------------------------------------------------- > Luke Kanies |http://reductivelabs.com|http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
