On 24/11/14 14:50, Jonathan Gazeley wrote:
On 24/11/14 11:54, Jonathan Gazeley wrote:
[jg4461@puppet-prod PUPPETROOT]$ sudo puppet node deactivate
authconfigtest.resnet.bris.ac.uk
Error: Failed to submit 'deactivate node' command for
authconfigtest.resnet.bris.ac.uk to PuppetDB at
puppetdb.resnet.bris.ac.uk:8081: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed:
[certificate revoked for /CN=puppetdb.resnet.bris.ac.uk]
Error: Try 'puppet help node deactivate' for usage
I'm still stuck on this. I found a Jira issue[1] which might be the
cause. I deleted the puppetdb certs on the puppetdb server and on the
puppetmaster, allowed puppet agent to recreate them on puppetdb,
re-signed with puppetmaster and then copied the certs to the puppetdb
installation. I restarted the puppetdb and puppetmaster services. No
change in the behaviour.
The information in [1] sounds as if it is a client configuration
issue, but given that I've regenerated my puppetdb certs, I don't
understand the problem. Can anyone shed any light on this?
[1] https://tickets.puppetlabs.com/browse/PDB-346
Fixed my own problem. Somehow the cert had been added to the CRL, even
though I had regenerated the cert. I deleted crl.pem and it immediately
sprang into life :)
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/547358E6.3030609%40bristol.ac.uk.
For more options, visit https://groups.google.com/d/optout.
