Is the clock of the troublesome host synchronized with all of the others? This is often the cause of certificate verification failures.
Hope this helps,
--
Jeff McCune - (+1-503-208-4484)

On Nov 13, 2010, at 10:49 PM, David Birdsong <david.birds...@gmail.com> wrote:

> I am banging my head against the wall for recently built hosts that
> are unable to verify the server's certs. The usual is not working.
>
> on the puppet agent machine:
> find /var/lib/puppet/ssl -type f -delete
>
> on puppet master:
> puppetca --clean <new_host_cert>
>
> on agent:
> puppetd --server puppet --waitforcert 2 --no-daemonize -d -o
>
> on puppet master:
> puppetca --sign <new_host_cert>
>
> after signing the cert, this is what client shows:
> err: Could not retrieve catalog from remote server: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed
>
> I'm signing the cert that shows up on the master via puppet --list,
> simply copying and pasting.
>
> the usual steps work on all other existing hosts, but this host
> refuses to verify the cert. is it the server cert that's invalid?
> any help much appreciated.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
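The clock check suggested in the reply can be made concrete by comparing a host's clock with the validity window of the certificate it has to verify. The following is an added example, not part of the original thread: it parses the output of `openssl x509 -noout -dates -in <cert.pem>` (the certificate path is a placeholder, and the sample dates and clock values are constructed) and reports whether a given clock falls before, inside, or after the window.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of `openssl x509 -noout -dates -in <cert.pem>` output.
SAMPLE_DATES = """notBefore=Nov 13 06:40:00 2010 GMT
notAfter=Nov 12 06:40:00 2015 GMT
"""

_DATE_LINE = re.compile(r"^(notBefore|notAfter)=(.*\d{4}) GMT[ \t]*$", re.M)


def parse_dates(openssl_output):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    found = {}
    for name, value in _DATE_LINE.findall(openssl_output):
        # openssl pads single-digit days with an extra space ("Nov  4").
        value = " ".join(value.split())
        stamp = datetime.strptime(value, "%b %d %H:%M:%S %Y")
        found[name] = stamp.replace(tzinfo=timezone.utc)
    if set(found) != {"notBefore", "notAfter"}:
        raise ValueError("expected one notBefore= and one notAfter= line")
    return found["notBefore"], found["notAfter"]


def check_clock(openssl_output, now):
    """Classify `now` against the validity window; return (verdict, gap)."""
    not_before, not_after = parse_dates(openssl_output)
    if now < not_before:
        # A clock behind the signer's makes a fresh certificate look unissued.
        return "not yet valid", not_before - now
    if now > not_after:
        return "expired", now - not_after
    return "ok", timedelta(0)


if __name__ == "__main__":
    # Constructed clock readings: one in sync, one three days behind.
    clocks = {
        "in sync": datetime(2010, 11, 14, 6, 50, tzinfo=timezone.utc),
        "3 days behind": datetime(2010, 11, 10, 6, 40, tzinfo=timezone.utc),
        "this machine": datetime.now(timezone.utc),
    }
    for label, now in clocks.items():
        verdict, gap = check_clock(SAMPLE_DATES, now)
        print(f"{label:>14}: {verdict} (gap {gap})")
```

A "not yet valid" verdict on a host that has just received a newly signed certificate points at that host's clock rather than at the certificate.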