On Mon, Dec 06, 2010 at 12:13:37PM -0800, Kikanny wrote:
> Whenever I try to connect to the master from the client, I get the
> following error:
>
> Could not retrieve catalog from remote server: SSL_connect returned=1
> errno=0 state=SSLv3 read server certificate B: certificate verify
> failed

I can think of the following reasons:

* Client generated a new certificate after your master signed one.
* When you connect a new client, it retrieves the master's certificate. When you connect again, the certificate will be checked. If you rebuild your puppetmaster, your client will not trust its new certificate.
* You revoked your client's certificate.
* You revoked the certificate of your master.

If this is your first attempt to use puppet, try a fresh restart:

* remove /etc/puppet/ssl and/or /var/lib/puppet/ssl on master and client
* puppet cert --list --all should be empty on master
* run puppet master --no-daemonize --verbose on master
* run puppet agent --server masters_hostname --test --waitforcert 15 on client
* run puppet cert --list and puppet cert --sign on master

If that does not work, you can check the subject of the certificates, because I think they have to match the hostname. You can do that with "puppet cert --list" and "puppet cert --print <fqdn>", and on the client "openssl x509 -text -in /var/lib/puppet/ssl/certs/ca.pem" should work.

-Stefan
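
The subject check suggested in the reply above, as an added example that is not part of the original message: it reads the subject line printed by `openssl x509 -noout -subject` and compares its CN with the hostname the agent uses for the master. The function names `subject_cn` and `cn_matches_host` are hypothetical, the sample subject lines are constructed, and the certificate path and hostname are whatever you pass in.

```shell
#!/bin/sh
# Added example: compare a certificate's subject CN with an expected hostname.
# Usage: sh check_cn.sh <cert.pem> <expected-fqdn>

# Extract the CN from one line of `openssl x509 -noout -subject` output.
# Handles the older "subject= /CN=host" and the newer "subject=CN = host" styles.
subject_cn() {
    printf '%s\n' "$1" |
        sed -n 's/^subject= *//; s|.*CN *= *\([^,/]*\).*|\1|p' |
        sed 's/ *$//'
}

# Return 0 when the CN equals the expected FQDN (case-insensitive), 1 otherwise.
# A subject without any CN never matches.
cn_matches_host() {
    cn=$(subject_cn "$1" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

if [ "$#" -eq 2 ]; then
    # Real run: read the subject from the certificate file given as $1.
    line=$(openssl x509 -noout -subject -in "$1") || exit 2
    if cn_matches_host "$line" "$2"; then
        echo "OK: subject CN matches $2"
    else
        echo "MISMATCH: '$line' does not name $2"
        exit 1
    fi
else
    # No arguments: run over constructed sample lines (not from a real master).
    for s in 'subject= /CN=puppet.example.com' \
             'subject=CN = old-master.example.com'; do
        if cn_matches_host "$s" puppet.example.com; then
            echo "match:    $s"
        else
            echo "mismatch: $s"
        fi
    done
fi
```

A mismatch on the master's own certificate means the agent is addressing the master by a name the certificate does not carry, which is one of the causes of "certificate verify failed" listed in the reply.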