On 30/06/14 16:24, Martin Alfke wrote:
Hi Chris,
On 30 Jun 2014, at 05:23, Chris <[email protected]> wrote:
master gets it:
# puppet ca list
client (SHA256)
D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50
and has signed itself:
# puppet ca list --all
client (SHA256)
D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50
+ puppet-master (SHA256)
65:CE:54:5B:0A:93:5A:43:B4:D6:26:21:5C:99:F5:E9:3B:B3:59:98:4C:5C:84:24:A6:2D:06:C4:FC:DF:2F:A9
So I sign it:
# puppet ca sign client
Notice: Signed certificate request for client
Notice: Removing file Puppet::SSL::CertificateRequest client2.squiz.local at
'/var/lib/puppet/ssl/ca/requests/client.pem'
"-----BEGIN CERTIFICATE-----\n....cert contents here....
Then the problems start:
# puppet ca list --all
Error: The certificate retrieved from the master does not match the agent's
private key.
Certificate fingerprint:
B5:2C:39:40:27:31:47:4F:89:A8:75:EB:8D:1C:16:B9:31:14:4D:BE:B3:DD:AB:81:0E:F4:E4:F2:73:CC:C1:B9
To fix this, remove the certificate from both the master and the agent and then
start a puppet run, which will automatically regenerate a certficate.
Will the same problem occur when using puppet cert instead of puppet ca?
That worked fine, thanks.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/53B20B70.60904%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
