I am running into the same problem and it just dawned on me that Solaris might put it in another directory, the master is redhat, the clients are Solaris.
What would change for a solaris certificate? On Tuesday, August 28, 2012 2:08:51 AM UTC-7, Ajeet Raina wrote: > > Hi, > > I have a puppet master and agent installed. I want to generate and > configure master-agent certificate and followed the steps: > > Master: > ========== > 1. Cleaned up all certificate on Master: > > [root@puppet-server manifests]# puppet cert sign --all > No waiting certificate requests to sign > [root@puppet-server manifests]# puppet cert clean --all > notice: Revoked certificate with serial 16 > notice: Removing file Puppet::SSL::Certificate puppet-client.test.comat > '/var/lib/puppet/ssl/ca/signed/puppet-client.test.com.pem' > notice: Removing file Puppet::SSL::Certificate puppet-client.test.comat > '/var/lib/puppet/ssl/certs/puppet-client.test.com.pem' > [root@puppet-server manifests]# puppet cert clean --all > [root@puppet-server manifests]# > > 2. Removed all ssl/* from Agent > > [root@puppet-client yum.repos.d]# rm -fr /var/lib/puppet/ssl/* > [root@puppet-client yum.repos.d]# cd /var/lib/puppet/ssl/ > [root@puppet-client ssl]# ls > [root@puppet-client ssl]# > > 3. Generating Certificate from Agent: > > [root@puppet-client ssl]# puppet agent --test --verbose --server > puppet-server.test.com > info: Creating a new SSL key for puppet-client.test.com > info: Caching certificate for ca > info: Creating a new SSL certificate request for > puppet-client.test.com > info: Certificate Request fingerprint (md5): > AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1 > Exiting; no certificate found and waitforcert is disabled > [root@puppet-client ssl]# > > 4. Accepting it through Master: > > [root@puppet-server manifests]# puppetca -l > "puppet-client.test.com" > (AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1) > [root@puppet-server manifests]# > [root@puppet-server manifests]# puppet cert sign --all > notice: Signed certificate request for puppet-client.test.com > notice: Removing file Puppet::SSL::CertificateRequest > puppet-client.test.com at > '/var/lib/puppet/ssl/ca/requests/puppet-client.test.com.pem' > [root@puppet-server manifests]# > > Well going. > > 5.[root@puppet-client ssl]# puppet agent --test --verbose --server > puppet-server.test.com > info: Caching certificate for puppet-client.test.com > info: Caching certificate_revocation_list for ca > err: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed: [certificate revoked for /CN=puppet-server.test.com] > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed: [certificate revoked > for /CN=puppet-server.test.com] > [root@puppet-client ssl]# > > I tried to remove all the certificate from agent manually > /var/lib/puppet/ssl/* but things dint fix the issue. > I also tried to generate the certificate on server through : > > puppet agent --test --server=`hostname` > > and then performed all the steps above. No Luck with this too. > > How to fix this issue? > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
