On Sat, Nov 13, 2010 at 3:19 PM, Marek Dohojda <chro...@gmail.com> wrote: > First thing I would check is time, to make sure that your manager and host > are synched. > makes sense, i didn't think of this earlier, but alas i've synced them (they were off by ~18 seconds) and still getting the exact same error.
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed > > -------------------------------------------------- > From: "David Birdsong" <david.birds...@gmail.com> > Sent: Saturday, November 13, 2010 2:49 PM > To: <puppet-users@googlegroups.com> > Subject: [Puppet Users] certificate verify failed > >> I am banging my head against the wall for recently built hosts that >> are unable to verify the server's certs. The usual is not working. >> >> on the puppet agent machine: >> find /var/lib/puppet/ssl -type f -delete >> >> on puppet master: >> puppetca --clean <new_host_cert> >> >> on agent: >> puppetd --server puppet --waitforcert 2 --no-daemonize -d -o >> >> on puppet master: >> puppetca --sign <new_host_cert> >> >> after signing the cert, this is what client shows: >> err: Could not retrieve catalog from remote server: SSL_connect >> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >> verify failed >> >> I'm signing the cert that shows up on the master via puppet --list, >> simply copying and pasting. >> >> the usual steps work on all other existing hosts, but this host >> refuses to verify the cert. is it the server cert that's invalid? >> any help much appreciated. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
