Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca

[Marek Dohojda]

OK I figured this out.  The issue appeared to be with one of the classes.  
Somehow there was a bad character.  What is amazing is that all I did is open 
it and close it, so ahm yeah no clue how that fixed things, but it did.






From: Patrick 
Sent: Saturday, November 13, 2010 6:31 PM
To: puppet-users@googlegroups.com 
Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca




On Nov 13, 2010, at 4:48 PM, Marek Dohojda wrote:


  further research on this:
  I think the issue is with the certificates.  Although I have no idea what.  I 
removed /var/lib/puppet/ssl directory and recreated it.  When a client tries to 
get catalog I get the following error:
  [2010-11-13 19:31:22] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in 
`accept'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in 
`listen'
          /usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
          /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
          /usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
          /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
          /usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
          /usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
          /usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
          /usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
          /usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in 
`listen'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in 
`initialize'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in 
`listen'
          /usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in 
`listen'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in `listen'
          /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in `start'
          /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start'
          
/usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in `main'
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in 
`exit_on_fail'
          /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
          /usr/sbin/puppetmasterd:66


  I am hitting my head against the wall.  I have no clue what I am missing.  I 
removed everything, and recreated everything from scratch and still nothing.  



It looks to me like you didn't wipe the client's directory.  I'm guessing that 
the ca is still cached on the client at /var/lib/puppet/ssl/ca.pem (I think 
that's the right place)


  On Thu, Nov 11, 2010 at 9:21 PM, Marek Dohojda <chro...@gmail.com> wrote:

    new SSL has been created I confirmed it and tested it.


    From: Teyo Tyree 
    Sent: Thursday, November 11, 2010 9:09 PM
    To: puppet-users@googlegroups.com 
    Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert 
unknown ca


    On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda <chro...@gmail.com> wrote:

      Puppet 0.25.3-2



      I accidentally removed puppet (didn't notice that removing ruby also 
removes puppet, yes stupid).  And I re-installed.  All the files are the same.  
That includes classes and configuration.

      However I can't seem to get things working again.  here is what I done

      removed /var/lib/puppet/ssl on puppetmaster and on all guests



    Does /var/lib/puppet/ssl/ca exist?  If not, restart the puppetmaster.  A 
new CA should be created. 

    -- 
    Teyo Tyree ::  www.puppetlabs.com:: +1.503.208.4475



    -- 
    You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
    To post to this group, send email to puppet-us...@googlegroups.com.
    To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
    For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.





  -- 
  You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
  To post to this group, send email to puppet-us...@googlegroups.com.
  To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.




-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.