On Mar 4, 2010, at 11:55 AM, Douglas Garstang wrote: > All I can is Ugh. > > I'm avoiding 0.25 like the plague. The last time I tried to use it, I > simply couldn't the SSL keys to work, and from what I read, others did > too. Were those problems fixed? > > Doug.
The problem that most people were having is pretty simple. The server must be able to find the client using DNS, or else the SSL certificate doesn't end up in puppetca. I don't know exactly where it's failing, but as long as your server can do a forward and reverse lookup on your clients, you should be fine. This is only an issue when a client that does not have a certificate connects to the server. As long as the client has a certificate in puppetca, it should be fine. Some people got around this problem by adding the client to the server's /etc/hosts until the client's first run was over. More information at http://projects.reductivelabs.com/issues/3083 There was one other problem that I remember having to do with serial number having a value of zero in certificates. I don't remember what that affected, or if it was fixed though. It did only happen when using puppetmaster through a different server like Mongrel or Passenger. I don't remember which one(s) it is though. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
