[Puppet Users] Re: 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca

[Havary]

I solved de problem. I dont use the best way, but worked.

on the client: rm -rf /etc/puppet/ssl/*
on the server rm -rf /var/lib/puppet/ssl/*

yes I know, I deleted all cert files of all servers. After that a sign all 
the certs.

--thank

Em sexta-feira, 18 de outubro de 2013 15h45min10s UTC-3, Havary escreveu:
>
> Hi, ppl
>
> I dont know what to do.
> I configure a new client do sync with my server. the server accept de 
> client_cert without errors and then when i run the "puppet agent -t" agaion 
> i got this error output
>
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
> using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read 
> server session ticket A: tlsv1 alert unknown ca
> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect 
> returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert 
> unknown ca Could not retrieve file metadata for 
> puppet://gfn-puppetmaster/plugins: SSL_connect returned=1 errno=0 
> state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
> err: Could not retrieve catalog from remote server: SSL_connect returned=1 
> errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
> read server session ticket A: tlsv1 alert unknown ca
>
> What i already checked the /etc/config of the client and de server. And 
> the config files, but maybe i m missing something.
>
> Could you help me, thank.
>
> *## Client config*
> *- hosts*
> .....
> *192.168.0.112 doforte.geofusion doforte
> 192.168.0.107 gfn-puppetmaster*
> .....
> *-puppet.config*
> *[agent]
> certname = generic-gfn-puppetmaster.pem
> certificate_revocation = false
> ssl_client_header = SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> server = gfn-puppetmaster
> report = true
> pluginsync = true
> certname = doforte.geofusion*
>
> *### Server config*
> *-host*
> ...
> *192.168.0.107   gfn-puppetmaster
> 192.168.0.112   doforte.geofusion doforte*
> ...
> *-puppet.config*
> *[main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> templatedir=$confdir/templates
> prerun_command=/etc/puppet/etckeeper-commit-pre
> postrun_command=/etc/puppet/etckeeper-commit-post
>
> [master]
> # These are needed when the puppetmaster is run by passenger
> # and can safely be removed if webrick is used.
> ssl_client_header = SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
> server = gfn-puppetmaster
> report = true
> pluginsync = true
> certname = gfn-puppetmaster*
>
> Thank you very much!
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.