It could be your CA certificate has expired. Could you paste the output of openssl x509 -text -noout -in /etc/puppet/ssl/ca.pem ?
--
Jeff McCune

On Monday, June 11, 2012 at 12:59 PM, maillis...@gmail.com wrote:

> :
> > > I inherited an old installation (0.24) that's been trouble-free until
> > > recently, when I started getting these error messages from a single
> > > machine:
> > >
> > > Failed to retrieve current state of resource: Certificates were not
> > > trusted: SSL_read:: decryption failed or bad record mac Could not
> > > describe /tomcat/ROOT.xml: Certificates were not trusted: SSL_read::
> > > decryption failed or bad record mac
> > >
> >
> > --snip--
> >
> > This error is probably referring to the message authentication code
> > [1], not the media access control address [2].
> >
> > How is your puppet master configured? Have any recent software
> > updates changed the OpenSSL libraries on your systems?
> >
> > [1] http://en.wikipedia.org/wiki/Message_authentication_code
> > [2] http://en.wikipedia.org/wiki/MAC_address
> >
> > -Jeff
>
> Thanks for that. I did not know about the Message Authentication Code,
> which makes sense in this case.
>
> Nothing has changed on these machines for years and I just verified
> that nothing has recently been updated. I'm still digging around the
> logs, nothing jumps out yet.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
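
The expiry check suggested in the reply above can be scripted so it also covers agent certificates and flags ones that are close to expiring. This is an added example, not part of the original thread or of Puppet; the function names and the 30-day warning window are assumptions, and the sample certificate it can generate is constructed test input.

```shell
#!/bin/sh
# Classify PEM certificates as unreadable / expired / expiring / valid
# using `openssl x509 -checkend`. Function names are hypothetical.

# cert_status FILE [WINDOW_SECONDS]
# The default window of 30 days is an assumption, not a Puppet setting.
cert_status() {
    cert=$1
    window=${2:-2592000}
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo "unreadable"      # missing file or not a PEM certificate
    elif ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo "expired"         # notAfter is already in the past
    elif ! openssl x509 -noout -checkend "$window" -in "$cert" >/dev/null 2>&1; then
        echo "expiring"        # notAfter falls inside the warning window
    else
        echo "valid"
    fi
}

# report_certs FILE...
# Prints one line per certificate: status, path and notAfter date.
report_certs() {
    for cert in "$@"; do
        end=$(openssl x509 -noout -enddate -in "$cert" 2>/dev/null | cut -d= -f2)
        printf '%-10s %s (notAfter: %s)\n' \
            "$(cert_status "$cert")" "$cert" "${end:-unknown}"
    done
}

# make_sample_cert FILE DAYS
# Constructed test input: a throwaway self-signed certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=constructed sample CA" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Usage on the master from the thread:
#   report_certs /etc/puppet/ssl/ca.pem
if [ "$#" -gt 0 ]; then
    report_certs "$@"
fi
```

A clock that is wrong on either the master or the agent produces the same "expired" result, so compare `date` on both hosts before reissuing anything.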