It took a bit of digging - but I did workout what the issue was. I'll give the solution first and then an overview of how I diagnosed the issue It may be useful to others with SSL issues.
I was running Puppet on a Red Hat server. By default Red Hat installs an SSL configuration in /etc/httpd/conf.d. The Puppet server's default configuration is also installed in /etc/httpd/conf.d and loads before the SSL configuration. I'd moved the puppet configuration (a virtual host / site ) to /etc/httpd/sites-available so it now loads after the SSL configuration and is in the same location as other sites / virtual hosts. Unfortunately the default Red Hat SSL configuration includes a virtual host with a self signed certificate. Unlike other SSL configuration these are not commented out. SSL certificates are selected on a per IP basis. The first one loaded by Apache for an IP takes precedence. The Red Hat SSL certificate was therefore loading and the one in the Puppet configuration was being silently ignored. The solution was simple: comment out the unused virtual host configuration in the default Red Hat SSL configuration. I'll follow up later on how I debugged this issue. Tom -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/13c73ae2-a9b3-4f27-915d-a8190715ed3d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
