This advice has worked for me nicely. Here is how to do this in Puppet 3.1.x:
1. First, stop puppet master on master node: sudo puppet resource service puppetmaster ensure=stopped enable=false 2. Then remove all certificates on master node. sudo rm -rf /var/lib/puppet/ssl 3. Now remove all certificates on the agent node: rm -rf ~/.puppet/ssl 4. Start the puppet master: sudo puppet resource service puppetmaster ensure=running enable=true 5. Request the certificates from agent node: puppet agent --test --waitforcert=2m --noop Done! On Sunday, June 9, 2013 2:20:21 AM UTC+9, badgerious wrote: > > > Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server >> certificate B: certificate verify failed: [certificate revoked for /CN= >> masterdns.peoplebrowsr.com] >> > > It looks like your puppetmaster's cert has been revoked (not the > client's). I think it may be necessary to blow away your master's ssl stuff > and regenerate (which also means regenerating certs for every client). You > can do this by stopping puppetmaster, removing /var/lib/puppet/ssl (on the > master), and restarting the master (I tried this with a 3.2.1 master). > Someone wiser might have a smarter solution to this... > > Eric > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/08d33c3c-fe24-41bf-9f10-c92f77b73d74%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
