What version of Puppet are you using? The old method of doing this had a serious security problem, so the newer releases have a different config method for assigning the acceptable aliases for a cert.
On Wed, Nov 2, 2011 at 11:26 AM, TFML <mailingl...@theflux.net> wrote: > I'm curious... the server FQDN is puppetmaster.lagged.com but I have the > server as puppet.lagged.com, can that be the cause of the problem? If so how > would I create the certificate to be valid for puppet.lagged.com and not be > puppetmaster.lagged.com > On Nov 2, 2011, at 2:01 PM, Aaron Grewell wrote: > >> When I did this in my test environment I removed the entire contents >> of the ssldir from the client to make sure that both the client & >> server cert were pulled down anew. >> >> On Wed, Nov 2, 2011 at 10:25 AM, TFML <mailingl...@theflux.net> wrote: >>> I'm running in circles with this issue... I accidentally did a 'puppetca >>> --clean --all' and lost all certificates. I was able to get the >>> puppetmaster running and re-created certificates for the client system, but >>> I get the following error: >>> >>> warning: peer certificate won't be verified in this SSL session >>> info: Caching certificate for w0f.lagged.com >>> info: Retrieving plugin >>> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources >>> using 'eval_generate': certificate verify failed >>> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of >>> resource: certificate verify failed Could not retrieve file metadata for >>> puppet://puppet.lagged.com/plugins: certificate verify failed >>> info: Loading facts in snmpd >>> info: Loading facts in diskdrives >>> info: Loading facts in snmpd >>> info: Loading facts in diskdrives >>> err: Could not retrieve catalog from remote server: certificate verify >>> failed >>> warning: Not using cache on failed catalog >>> err: Could not retrieve catalog; skipping run >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
