Hi, I have a puppet master and agent installed. I want to generate and configure the master-agent certificate and followed these steps:

Master:
==========

1. Cleaned up all certificates on Master:

[root@puppet-server manifests]# puppet cert sign --all
No waiting certificate requests to sign
[root@puppet-server manifests]# puppet cert clean --all
notice: Revoked certificate with serial 16
notice: Removing file Puppet::SSL::Certificate puppet-client.test.com at '/var/lib/puppet/ssl/ca/signed/puppet-client.test.com.pem'
notice: Removing file Puppet::SSL::Certificate puppet-client.test.com at '/var/lib/puppet/ssl/certs/puppet-client.test.com.pem'
[root@puppet-server manifests]# puppet cert clean --all
[root@puppet-server manifests]#

2. Removed all ssl/* from Agent

[root@puppet-client yum.repos.d]# rm -fr /var/lib/puppet/ssl/*
[root@puppet-client yum.repos.d]# cd /var/lib/puppet/ssl/
[root@puppet-client ssl]# ls
[root@puppet-client ssl]#

3. Generating Certificate from Agent:

[root@puppet-client ssl]# puppet agent --test --verbose --server puppet-server.test.com
info: Creating a new SSL key for puppet-client.test.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for puppet-client.test.com
info: Certificate Request fingerprint (md5): AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1
Exiting; no certificate found and waitforcert is disabled
[root@puppet-client ssl]#

4. Accepting it through Master:

[root@puppet-server manifests]# puppetca -l
"puppet-client.test.com" (AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1)
[root@puppet-server manifests]#
[root@puppet-server manifests]# puppet cert sign --all
notice: Signed certificate request for puppet-client.test.com
notice: Removing file Puppet::SSL::CertificateRequest puppet-client.test.com at '/var/lib/puppet/ssl/ca/requests/puppet-client.test.com.pem'
[root@puppet-server manifests]#

Going well.

5.

[root@puppet-client ssl]# puppet agent --test --verbose --server puppet-server.test.com
info: Caching certificate for puppet-client.test.com
info: Caching certificate_revocation_list for ca
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppet-server.test.com]
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppet-server.test.com]
[root@puppet-client ssl]#

I tried to remove all the certificates from the agent manually (/var/lib/puppet/ssl/*) but that didn't fix the issue.

I also tried to generate the certificate on the server through:

puppet agent --test --server=`hostname`

and then performed all the steps above. No luck with this either.

How can I fix this issue?
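
The error in step 5 says the agent rejected the master's certificate because its serial appears in the CRL the agent downloaded. One way to confirm that from the files themselves, as an added example that is not part of the original post: the function names are hypothetical, the sample CRL text is constructed, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): is a certificate's serial in a CRL?

# serial_in_crl HEX_SERIAL: reads `openssl crl -noout -text` output on stdin.
# Exit 0 if HEX_SERIAL is listed as revoked, 1 if not, 2 if no serial was given.
serial_in_crl() {
    [ -n "$1" ] || return 2
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0*//')
    awk -v want="$want" '
        /^[ \t]*Serial Number:/ {
            s = toupper($NF); sub(/^0+/, "", s)   # normalise case and leading zeros
            if (s == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# cert_serial CERT.pem: print the certificate serial as hex
cert_serial() {
    openssl x509 -in "$1" -noout -serial | cut -d= -f2
}

# cert_is_revoked CERT.pem CRL.pem: same exit codes as serial_in_crl
cert_is_revoked() {
    openssl crl -in "$2" -noout -text | serial_in_crl "$(cert_serial "$1")"
}

# Constructed sample of `openssl crl -noout -text` output (serials are made up).
SAMPLE_CRL_TEXT='Certificate Revocation List (CRL):
        Issuer: CN = example-ca
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Jan  1 00:00:00 2013 GMT
    Serial Number: 10
        Revocation Date: Jan  1 00:00:00 2013 GMT'

if [ "$#" -eq 2 ]; then
    # Real files: the certificate to check, then the CRL (both PEM).
    cert_is_revoked "$1" "$2"; rc=$?
    case $rc in
        0) echo "REVOKED: $1 is listed in $2" ;;
        1) echo "not listed: $1 does not appear in $2" ;;
        *) echo "could not read a serial from $1" >&2 ;;
    esac
else
    # No arguments: run against the constructed sample above.
    printf '%s\n' "$SAMPLE_CRL_TEXT" | serial_in_crl 10 && echo "sample: serial 10 is revoked"
fi
```

Run it with two arguments: the certificate to check and a CRL file, both in PEM format. With the layout shown in this post both would live under /var/lib/puppet/ssl, but the exact file names are an assumption to verify on your own install.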