Hi Ken, On Thu, May 16, 2013 at 5:34 PM, Ken Barber <k...@puppetlabs.com> wrote: > I think the certificate fingerprint issue you received is a worry, but > might not indicate a problem per se. Lets use openssl instead to get > the fingerprint directly:
Still get this problem. > # openssl x509 -noout -in `puppet master --configprint hostcert` > -fingerprint -md5 > > So if I do the same exercise on my own host I get: > https://gist.github.com/kbarber/5592588 I see, and I'va replicated this now. The hashes match. > Notice how the fingerprints match? At first glance your failing > command seems to indicate the certificate in your JKS store is _not_ > the same as the certificate being used by Puppet itself, but try the > openssl variant I showed you above instead and see how it goes. It indeed wasn't, now it is :). > If they do not match, it would make sense that you are receiving a > chain problem. The certificate in your keystore.jks file might not be > signed by the CA. Perhaps it is old and left over from another > certificate loading attempt? > > What is weird is that you say you cleared /etc/puppetdb/ssl and re-ran > puppetdb-ssl-setup didn't you? This action should be enough to restore > the correct key in keystore.jks. I am not sure I did the ssl-setup command again. I started all over again on the puppetdb. Deleted the package, all the logs and configuration and reinstalled puppetdb. I included a complete output: http://pastebin.com/raw.php?i=TDejFAvp Does this make things more clear? I did a clean install of 1.3.0, maybe there is a problem in that version? Thanks, Karlo -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
