On Thu, 2010-04-29 at 12:27 +0100, Gabriel - IP Guys wrote:
> On the client
> 
> Client #]  puppetd --test --trace
> 
> http://pastebin.com/eft1Qmuv 
> 
> Full output of the command is above, last three lines,
> 
> # err: Could not retrieve catalog from remote server: hostname was not
> match with the server certificate
> # warning: Not using cache on failed catalog
> # err: Could not retrieve catalog; skipping run
> 
> [snip]

When the client connects to the master, it checks the server certificate
in 3 ways:
 * it should have been signed by the same CA
 * it should be valid (i.e. not expired)
 * the advertised server certificate CN should match the hostname used
to connect to the server (or any other subjectAltName).

When you launch puppetd, it connects to puppet.<search>, which usually
resolves to puppet.domain.com. If your server certificate doesn't
contain a CN and/or subjectAltName of puppet.domain.com, then this error
is thrown.

The mismatch can happen when your puppet master is in a different domain
than the client. When the master generates its server certificate it
uses:
 * its fqdn as CN
 * puppet.$domain in subjectAltName, where $domain is what the current
machine has

If $domain is different on the master and the client, the
mismatch will happen. This is always true if your master is multi-homed
and can be accessed from several networks using different domains.

In this case you need to generate the server certificate with the puppet
master name in every domain with --certdnsname.

> Now, back to my original issue! Oh, I am on IRC, irc.freenode.org
> lurkin in the #puppet room ☺

What's your nickname?
-- 
Brice Figureau
Follow the latest Puppet Community evolutions on www.planetpuppet.org!
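
An added example, not part of the original message: a small model of the name check described above, listing which puppet.<domain> names a master certificate would still need for clients in several domains. The host and domain names are constructed, and the function names are hypothetical.

```python
"""Model of the CN/subjectAltName hostname check (constructed example)."""


def _norm(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.lower().rstrip(".")


def cert_names(master_fqdn, master_domain, certdnsname=()):
    """Names in the master certificate as the message describes them:
    CN = the master's fqdn, subjectAltName = puppet.$domain, plus any
    extra names supplied through --certdnsname (given here as a sequence)."""
    names = {master_fqdn, "puppet." + master_domain, *certdnsname}
    return {_norm(n) for n in names}


def client_target(search_domain):
    """Hostname the client connects to: 'puppet' completed by its search domain."""
    return _norm("puppet." + search_domain)


def hostname_matches(target, names):
    """True when the name used to connect equals the CN or a subjectAltName."""
    return _norm(target) in names


def missing_names(master_fqdn, master_domain, client_domains, certdnsname=()):
    """Names clients will connect to that the certificate does not carry."""
    names = cert_names(master_fqdn, master_domain, certdnsname)
    wanted = {client_target(d) for d in client_domains}
    return sorted(n for n in wanted if not hostname_matches(n, names))


if __name__ == "__main__":
    # Constructed sample: a multi-homed master reached from two domains.
    fqdn, domain = "pm01.dc.example.com", "dc.example.com"
    clients = ["dc.example.com", "office.example.net"]
    print("missing:", missing_names(fqdn, domain, clients))
    print("after --certdnsname:",
          missing_names(fqdn, domain, clients, ["puppet.office.example.net"]))
```
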