Hi Robert,

Yes, you shouldn't need to delete $ssldir on the Master. I'll reply to
you fully tomorrow (or someone on American time can this evening). The
error itself is strange (TLS handshake?) but describing what you've
done I'd think you'd have a certificate / hostname mismatch problem.

Have a look at Dan Bode's blog post about sharing a CA, it has the
commands for generating puppet certs with additional Cert DNS names:
http://bodepd.com/wordpress/?p=7

Down the bottom of Masterzen's blog post are some helpful openssl
commands for checking certificates:
http://www.masterzen.fr/2010/11/14/puppet-ssl-explained/

You can also generate a certificate on your Puppet Master with the
name 'puppet' to be used by Apache, then use one for your Puppet
Master as a Puppet client to use (a master cert and a client cert).

But don't delete the CA yet ;)

-Luke

On Jan 24, 3:08 pm, Robert Scheer <r...@xs4all.net> wrote:
> certs/ca.pem and ca/ca_crt.pem (which are identical files) both contain:
>   Issuer: CN=puppet.domain.com
>   Validity
>       Not Before: Mar 25 15:51:31 2008 GMT
>       Not After : Mar 24 15:51:31 2013 GMT
>   Subject: CN=puppet.domain.com
>
> I imagine I could solve this problem by completely throwing away $ssldir,
> letting the puppetmaster recreate it from scratch, but that would mean that
> I have to login to each node, remove $ssldir there as well, and sign its
> new CSR.
>
> Is there a way to solve this problem without doing that?
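
The certificate / hostname mismatch suggested in the reply can be reproduced and checked with OpenSSL alone. This is an added example, not part of the original thread or of either linked blog post: it builds throwaway self-signed certificates (constructed, not Puppet-issued) with the names `puppet` and `puppet.domain.com` from the messages, and the function names are hypothetical. It assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: throwaway self-signed certs (constructed, not Puppet-issued).
# Function names are hypothetical. Needs OpenSSL 1.1.1+ (-addext, -checkhost).

# make_cert OUT.pem CN [DNS_NAME...]: CN-only cert, or CN plus subjectAltName.
make_cert() {
  out=$1; cn=$2; shift 2
  san=""
  for n in "$@"; do san="${san:+$san,}DNS:$n"; done
  if [ -n "$san" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
      -addext "subjectAltName=$san" -keyout "$out.key" -out "$out" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
      -keyout "$out.key" -out "$out" 2>/dev/null
  fi
}

# cert_matches_host CERT.pem NAME: exit status 0 if a TLS client connecting
# to NAME would accept the names in the certificate.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

demo() {
  d=$(mktemp -d)
  make_cert "$d/cn_only.pem" puppet.domain.com                    # like the cert quoted above
  make_cert "$d/both.pem" puppet.domain.com puppet puppet.domain.com
  make_cert "$d/san_short.pem" puppet.domain.com puppet           # SAN lacks the FQDN
  for c in cn_only both san_short; do
    for h in puppet puppet.domain.com; do
      if cert_matches_host "$d/$c.pem" "$h"; then r=match; else r=MISMATCH; fi
      printf '%-10s name=%-18s %s\n' "$c" "$h" "$r"
    done
  done
  rm -rf "$d"
}
demo
```

The `san_short` case shows why every name clients use has to be listed: once a certificate carries DNS subjectAltName entries, the CN is no longer consulted, so `puppet.domain.com` is rejected even though it is the CN.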
