Hi.. Can you check date and time on both master and agent.. it should be in sync with master..
Regards, Ashish Jaiswal On Aug 28, 2012 2:38 PM, "Ajeet Raina" <ajeetra...@gmail.com> wrote: > Hi, > > I have a puppet master and agent installed. I want to generate and > configure master-agent certificate and followed the steps: > > Master: > ========== > 1. Cleaned up all certificate on Master: > > [root@puppet-server manifests]# puppet cert sign --all > No waiting certificate requests to sign > [root@puppet-server manifests]# puppet cert clean --all > notice: Revoked certificate with serial 16 > notice: Removing file Puppet::SSL::Certificate puppet-client.test.comat > '/var/lib/puppet/ssl/ca/signed/puppet-client.test.com.pem' > notice: Removing file Puppet::SSL::Certificate puppet-client.test.comat > '/var/lib/puppet/ssl/certs/puppet-client.test.com.pem' > [root@puppet-server manifests]# puppet cert clean --all > [root@puppet-server manifests]# > > 2. Removed all ssl/* from Agent > > [root@puppet-client yum.repos.d]# rm -fr /var/lib/puppet/ssl/* > [root@puppet-client yum.repos.d]# cd /var/lib/puppet/ssl/ > [root@puppet-client ssl]# ls > [root@puppet-client ssl]# > > 3. Generating Certificate from Agent: > > [root@puppet-client ssl]# puppet agent --test --verbose --server > puppet-server.test.com > info: Creating a new SSL key for puppet-client.test.com > info: Caching certificate for ca > info: Creating a new SSL certificate request for > puppet-client.test.com > info: Certificate Request fingerprint (md5): > AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1 > Exiting; no certificate found and waitforcert is disabled > [root@puppet-client ssl]# > > 4. Accepting it through Master: > > [root@puppet-server manifests]# puppetca -l > "puppet-client.test.com" > (AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1) > [root@puppet-server manifests]# > [root@puppet-server manifests]# puppet cert sign --all > notice: Signed certificate request for puppet-client.test.com > notice: Removing file Puppet::SSL::CertificateRequest > puppet-client.test.com at > '/var/lib/puppet/ssl/ca/requests/puppet-client.test.com.pem' > [root@puppet-server manifests]# > > Well going. > > 5.[root@puppet-client ssl]# puppet agent --test --verbose --server > puppet-server.test.com > info: Caching certificate for puppet-client.test.com > info: Caching certificate_revocation_list for ca > err: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed: [certificate revoked for /CN=puppet-server.test.com] > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed: [certificate revoked > for /CN=puppet-server.test.com] > [root@puppet-client ssl]# > > I tried to remove all the certificate from agent manually > /var/lib/puppet/ssl/* but things dint fix the issue. > I also tried to generate the certificate on server through : > > puppet agent --test --server=`hostname` > > and then performed all the steps above. No Luck with this too. > > How to fix this issue? > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/ftT-TXdZQkEJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
