Hi, Thank you,
Then if I change it to [main] after cleaning the puppet.mydomain.com certs, I get this : info: Creating a new SSL key for puppet.mydomain.com warning: peer certificate won't be verified in this SSL session err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol Exiting; failed to retrieve certificate and waitforcert is disabled If I make a puppetca --list --all, I can't see the puppet.mydomain.com request and so I can't sign it. Regards, JC. On 2 avr, 22:37, Denmat <tu2bg...@gmail.com> wrote: > Hi, > > What happens if you move certname to [main] instead? > > Cheers, > Den > > On 03/04/2012, at 1:27, Jcduss <nicomai...@gmail.com> wrote: > > > > > > > > > Dear All, > > > I've got troubles with my puppet master which doesn't trust its own > > agent working on the same machine. This master has already about 50 > > clients running on differents servers and differents version of puppet > > client and working like a charm on them. > > > Master is installed with passenger on a stable debian squeeze > > ii puppet 2.6.2-5+squeeze4 > > ii puppet-common 2.6.2-5+squeeze4 > > ii puppetmaster 2.6.2-5+squeeze4 > > > I tried different name for my agent (with a puppetca --clean <NODES> > > each time). And each time I get a > > "err: Could not retrieve catalog from remote server: SSL_connect > > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > > verify failed. This is often because the time is out of sync on the > > server or client" > > > Agent is configured like this : > > > [agent] > > server=puppet.mydomain.lan > > certname=puppet.mydomain.lan > > report=true > > > This can't be a date issue, this is the same host for client and > > server, certificates has also been revewed and dates is ok with > > openssl. > > > My hosts file is configured like this : > > 127.0.0.1 localhost.localdomain localhost > > 192.168.1.11 puppet puppet.mydomain.lan > > > I tried the tricks with the link in openssl dir in > >http://projects.puppetlabs.com/issues/8858without success. > > > What should I mess ? > > > Thank you, > > JC. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
