Where I'm having the issue is on my master. To generate and sign a cert for the master I ran:

    puppet cert generate {hostname}.domain.tld --allow-dns-alt-names --dns_alt_names={hostname}.domain.tld,{hostname}-eth1.domain.tld,{hostname}.sub.domain.tld,{hostname}-eth1.sub.domain.tld

substituting

    {hostname} for the real hostname of the host
    domain.tld for the real domain name
    sub.domain.tld for a sub-domain that a client might use

What I'm seeing happening is when running the puppet agent against itself I get the following errors:

    Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for {hostname}.domain.tld to PuppetDB at {hostname}.domain.tld:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [unable to get local issuer certificate for /CN={hostname}.domain.tld]
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run

This is after stopping and restarting both the puppetmaster and puppetdb services.

I decided to poke a bit further and found that if I ran openssl verify on the certificate for the puppet master I got

    {hostname}.domain.tld.pem: CN = {hostname}.domain.tld
    error 20 at 0 depth lookup:unable to get local issuer certificate

However, if I do openssl verify specifying a CA cert, things look good.

    {hostname}.domain.tld.pem OK

So where do I go from here? I'm certain this has been solved before.
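Added example, not part of the original message: a shell sketch that reproduces the "unable to get local issuer certificate" result with two throwaway CAs, showing that error 20 is what a verifier reports when its CA file does not contain the certificate's issuer. All hostnames, CA names and file names are constructed for the demo, and the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; every hostname, CA name and file here is constructed.

# build_pki DIR: two unrelated CAs (ca-a, ca-b) plus a leaf cert signed by ca-a.
build_pki() {
    d=$1
    # Minimal request config so the CA certs carry basicConstraints CA:TRUE.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=unused' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$d/req.cnf"
    for ca in ca-a ca-b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/req.cnf" \
            -subj "/CN=$ca" -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -subj "/CN=master.example.test" -keyout "$d/leaf.key" \
        -out "$d/leaf.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:master.example.test,DNS:master-eth1.example.test\n' \
        > "$d/san.ext"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca-a.pem" -CAkey "$d/ca-a.key" \
        -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/leaf.pem" 2>/dev/null
}

# verify_against CA_FILE CERT: prints openssl's verdict; exit status is 0 only
# when CERT chains to a certificate found in CA_FILE.
verify_against() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

# issuer_matches CA_FILE CERT: quick pre-check that the cert's issuer name hash
# equals the CA's subject name hash (a name match only, not a signature check).
issuer_matches() {
    [ "$(openssl x509 -noout -issuer_hash -in "$2")" = \
      "$(openssl x509 -noout -subject_hash -in "$1")" ]
}

# demo: verify the same leaf against the signing CA, then against the other CA.
demo() {
    d=$(mktemp -d) || return 1
    build_pki "$d" || return 1
    for ca in ca-a ca-b; do
        echo "== trusting only $ca =="
        verify_against "$d/$ca.pem" "$d/leaf.pem" || echo "(verification failed)"
    done
    rm -rf "$d"
}

demo
```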