Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs.
If that's what you already did, make sure that your ssldir and its contents are owned by user & group puppet as well.

On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan <makhan...@gmail.com> wrote:
> Do I need to make any changes to server or delete ssl info on the server. I
> am still getting the certificate verify failed error on clients?
>
> On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan <makhan...@gmail.com> wrote:
>>
>> I was able to sign the certificate to the client but still I am getting
>> this error now on the client:
>>
>> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
>> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog
>> from remote server: certificate verify failed
>> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
>> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
>> skipping run
>>
>> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan <makhan...@gmail.com>
>> wrote:
>>>
>>> I have gone a little further now. What I have done is to delete the ssl
>>> folder from one of the clients and ran this command on server: puppetca
>>> --clean clientname
>>> It has generated a new certificate but in the end I get the same error:
>>>
>>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>>> Furthermore, when I restart the agent from the client now I get this
>>> message under server message log: client has a waiting certificate request
>>> Under my client message log:
>>> hostname puppet-agent[13385]: Did not receive certificate
>>>
>>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan <makhan...@gmail.com>
>>> wrote:
>>>>
>>>> I have tried to delete the ssl folder under puppet. And then tried to
>>>> clean the certificate from the server but did not work.
>>>> #puppetca --clean hostname
>>>> notice: Revoked certificate with serial # Inventory of signed
>>>> certificates
>>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>>>>
>>>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>>>>
>>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan <makhan...@gmail.com>
>>>> wrote:
>>>>>
>>>>> Thanks guys; I am getting closer but still some errors. I am getting
>>>>> these errors now.
>>>>> Starting Puppet client version 2.6.12
>>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog
>>>>> from remote server: Retrieved certificate does not match private key;
>>>>> please
>>>>> remove certificate from server and regenerate it with the current key
>>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
>>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog;
>>>>> skipping run
>>>>>
>>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz
>>>>> <bernd.adamow...@esailors.de> wrote:
>>>>>>
>>>>>> I'm pretty sure that, besides the other answers already provided, your
>>>>>> main problem is the wrong user for your Puppet configuration. It should
>>>>>> be user 'puppet' and not 'root'. That's how '/etc/puppet' should look:
>>>>>>
>>>>>> drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 .
>>>>>> drwxr-xr-x 79 root root 12K Dec 26 04:03 ..
>>>>>> -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments
>>>>>> drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests
>>>>>> -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf
>>>>>> -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
>>>>>> drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn
>>>>>>
>>>>>> So a command like 'chown -R puppet:puppet /etc/puppet' issued as
>>>>>> 'root' should solve your main problem, which is the 'Permission denied'
>>>>>> error as well as the non-starting Puppet process.
>>>>>>
>>>>>> Bernd
>>>>>>
>>>>>> > -----Original Message-----
>>>>>> > From: puppet-users@googlegroups.com
>>>>>> > [mailto:puppet-us...@googlegroups.com] On Behalf Of Khan
>>>>>> > Sent: Thursday, 29 December 2011 17:37
>>>>>> > To: Puppet Users
>>>>>> > Subject: [Puppet Users] Puppetserver error
>>>>>> >
>>>>>> > Hello everyone,
>>>>>> > I am new to puppet. I have installed on Red Hat Enterprise 5 and seems
>>>>>> > to be working fine. Couple days ago I was testing some permissions
>>>>>> > on /etc folder and applied 600 /etc and sub folders. Although I have
>>>>>> > reverted the permission but I am having issues on puppetmaster.
>>>>>> > Currently I have these permission on etc 755 and puppet folder:
>>>>>> > my /etc folder is 755 and puppet folder with these permissions:
>>>>>> >
>>>>>> > -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf
>>>>>> > -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf
>>>>>> > drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests
>>>>>> > drwxr-xr-x 21 root root 4096 Oct 22 2010 modules
>>>>>> > -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf
>>>>>> > -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew
>>>>>> >
>>>>>> > I am getting these errors in the log:
>>>>>> >
>>>>>> > puppet-master[3519]: Could not parse for environment production:
>>>>>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
>>>>>> > puppet/manifests/site.pp:3 on node client1
>>>>>> >
>>>>>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
>>>>>> > environment production: Permission denied - /etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2
>>>>>> >
>>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
>>>>>> > environment production: Permission denied - /etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3
>>>>>> >
>>>>>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
>>>>>> > environment production: Permission denied - /etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4
>>>>>> >
>>>>>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve
>>>>>> > catalog
>>>>>> > from remote server: Error 400 on SERVER: Could not parse for
>>>>>> > environment production: Permission denied - /etc/puppet/manifests/
>>>>>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
>>>>>> > Any help will be greatly appreciated.
>>>>>> >
>>>>>> > --
>>>>>> > You received this message because you are subscribed to the Google
>>>>>> > Groups "Puppet Users" group.
>>>>>> > To post to this group, send email to puppet-users@googlegroups.com.
>>>>>> > To unsubscribe from this group, send email to
>>>>>> > puppet-users+unsubscr...@googlegroups.com.
>>>>>> > For more options, visit this group at
>>>>>> > http://groups.google.com/group/puppet-users?hl=en.
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Mohammad
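The two failure modes discussed in this thread (wrong ownership under the Puppet directories, and "Retrieved certificate does not match private key") can both be checked read-only before anything is cleaned or regenerated. The script below is an added example, not part of the original thread and not Puppet's own tooling; the certs/<name>.pem and private_keys/<name>.pem layout, the function names and the values in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: read-only checks for the two failure modes in this thread.
# The certs/<name>.pem and private_keys/<name>.pem layout is an assumption
# about the agent's ssldir; adjust the paths for your installation.

# Print every path under $1 not owned by user $2 / group $3.
# Returns 0 when ownership is consistent, 1 when something is off,
# 2 when find itself fails (missing directory, unknown user or group).
ssldir_bad_owner() {
    bad=$(find "$1" \( ! -user "$2" -o ! -group "$3" \) -print) || return 2
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Returns 0 if certificate $1 carries the public key of private key $2,
# 1 if it does not, 2 if either file cannot be read or parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Run both checks for one agent: ssldir, certname, expected user, expected group.
check_agent_ssl() {
    result=0
    if ! ssldir_bad_owner "$1" "$3" "$4"; then
        echo "ownership: not everything under $1 is $3:$4 (or the check failed)"
        result=1
    fi
    rc=0
    cert_matches_key "$1/certs/$2.pem" "$1/private_keys/$2.pem" || rc=$?
    case $rc in
        0) echo "cert/key: match" ;;
        1) echo "cert/key: MISMATCH, certificate was issued for a different key"
           result=1 ;;
        *) echo "cert/key: certificate or key missing or unreadable"
           result=1 ;;
    esac
    return $result
}

# Usage (placeholder values): check_agent_ssl /var/lib/puppet/ssl client1 puppet puppet
```

A mismatch here is the state the agent reports as "Retrieved certificate does not match private key", which is the case where the advice above applies: clean the certificate on the server, empty the client's ssldir, and re-run the agent.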