On 7 April 2011 04:02, Andrei Serdeliuc <and...@serdeliuc.ro> wrote:
> Hi,
>
> I've been at it for about 4 days now and I just can't figure it out.
> I'm getting the following error when running puppet agent on my
> masters: SSL_connect returned=1 errno=0 state=SSLv3 read server
> certificate B: certificate verify failed
>

It took me a bit longer than 4 days, but using http://bodepd.com/wordpress/?p=7 as a guide, I did this:

1. CA server is a puppet server with the exact same configuration on all puppet servers. ca_server is puppet-ca.example.com

2. Same certname everywhere: puppet.example.com. Manage the certs in puppet:
   $etc/ssl/ca/signed/puppet.example.com.pem
   $etc/ssl/certs/puppet.example.com.pem
   $etc/ssl/private_keys/puppet.example.com.pem
   $etc/ssl/public_keys/puppet.example.com.pem

3. Same certdnsname everywhere with every possible combination of name the client contacts the puppet master with. I have heard (but not tried) you can use wildcards. This includes puppet-ca.example.com, puppet.example.com, ...

4. I keep all $etc/ssl/ca files managed in puppet too

Note that I use CNAMEs everywhere so I don't have to change certificates if I replace a machine. Adding machines will require a new cert.

Keep playing. Once it works, it works well. I can deploy a new puppet server in the blink of an eye!

John
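
A way to check step 3 before distributing the shared certificate, as an added example that is not part of the original message: it reads the text printed by `openssl x509 -noout -text` and lists every name the agents use that the certificate does not cover. The sample certificate text, the host list and the function names are constructed for illustration, and the wildcard handling assumes the usual rule that `*` stands for exactly one left-most label.

```python
import re

# Constructed sample of `openssl x509 -noout -text` output (not a real certificate).
SAMPLE_X509_TEXT = """\
        Subject: CN=puppet.example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:puppet.example.com, DNS:puppet-ca.example.com, DNS:*.dc1.example.com
"""


def cert_names(x509_text):
    """Names a client can match: the SAN DNS entries, or the CN if there are none."""
    sans = re.findall(r"DNS:([^,\s]+)", x509_text)
    if sans:
        return [n.lower() for n in sans]
    cn = re.search(r"Subject:.*?CN\s*=\s*([^,/\s]+)", x509_text)
    return [cn.group(1).lower()] if cn else []


def name_matches(pattern, host):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def uncovered(x509_text, contacted):
    """Return the contacted names that no certificate name covers."""
    names = cert_names(x509_text)
    return [h for h in contacted if not any(name_matches(n, h) for n in names)]


if __name__ == "__main__":
    # Constructed list: every name an agent might put in `server` or `ca_server`.
    hosts = ["puppet.example.com", "puppet-ca.example.com", "puppet1.dc1.example.com",
             "puppet2.example.com", "a.b.dc1.example.com", "puppet"]
    for h in uncovered(SAMPLE_X509_TEXT, hosts):
        print("not covered, agents using this name will fail verification:", h)
```

Any name it reports, including a bare short name such as `puppet`, has to be added to the certificate's alternative names (or the agents pointed at a covered CNAME) before the certificate is reissued.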