Hello, 

>
> On Friday, 4 January 2019 at 22:21:47 UTC+1, Michael Post wrote:
>
>> Hello,
>>
>> yesterday and today I set up a new Debian Stretch VM and want to install 
>> a fresh environment with puppetserver 6.
>>
>>>
>>> sometimes it is good to write and think and read more and more.
I solved my problem. 
The exact steps are written in the documentation but you have to find it.

It is written under 
https://puppet.com/docs/puppet/5.3/config_ssl_external_ca.html#option-2-puppet-server-functioning-as-an-intermediate-ca
 
Puppet agent
You need to do two things to prepare Puppet agent for this CA configuration:
If you copy this file into place before the first Puppet run, you will not 
receive any errors. If you attempt a Puppet run prior to this file being 
present you will receive errors since the auto-distributed ca.pem file 
doesn’t include the root CA.
Example error:
Error: Could not request certificate: SSL_connect returned=1 errno=0 
state=error: certificate verify failed: [unable to get local issuer 
certificate for /CN=<server>]

Copy the CA bundle in place prior to a Puppet run.

Disable certificate revocation validation.

Copy the CA bundle you created to /etc/puppetlabs/puppet/ssl/certs/ca.pem on 
every agent node.
Set certificate_revocation = false in the [main] section of puppet.conf on 
every agent node:

[main]
certificate_revocation = false

Once you’ve completed both of these steps, the agent can run successfully.

Have a nice weekend,

Michael
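
Added example, not part of the original post or the Puppet documentation: a pre-flight check to run on an agent before its first Puppet run, confirming that the copied ca.pem holds a self-signed root plus at least one more certificate and that certificate_revocation = false is set in [main]. The function names, the two-certificate minimum and the subject-equals-issuer test for a root are assumptions of this example; it needs the openssl CLI.

```sh
#!/bin/sh
# Added example (not from the post or the Puppet docs): agent pre-flight checks.

# Count PEM certificates in a bundle.
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Return 0 if any certificate in the bundle has subject == issuer, the usual
# sign of a self-signed root. Assumes the openssl CLI is installed.
has_root_ca() {
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/cert" n ".pem") }' "$1"
    found=1
    for c in "$tmp"/cert*.pem; do
        [ -f "$c" ] || continue
        subj=$(openssl x509 -in "$c" -noout -subject 2>/dev/null | sed 's/^subject= *//')
        iss=$(openssl x509 -in "$c" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
        if [ -n "$subj" ] && [ "$subj" = "$iss" ]; then found=0; fi
    done
    rm -rf "$tmp"
    return "$found"
}

# Print the value of KEY inside [SECTION] of an INI-style puppet.conf.
conf_value() {   # usage: conf_value FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { in_sec = ($1 == sec); next }
        in_sec {
            split($0, kv, "=")
            k = kv[1]; gsub(/[ \t]/, "", k)
            v = kv[2]; gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Run all checks; prints one line per failure and returns non-zero if any fail.
preflight() {   # usage: preflight CA_BUNDLE PUPPET_CONF
    rc=0
    [ "$(count_certs "$1")" -ge 2 ] || { echo "FAIL: fewer than 2 certificates in $1"; rc=1; }
    has_root_ca "$1" || { echo "FAIL: no self-signed root CA in $1"; rc=1; }
    [ "$(conf_value "$2" main certificate_revocation)" = "false" ] ||
        { echo "FAIL: certificate_revocation is not false in [main]"; rc=1; }
    return "$rc"
}

# Runs only when called with two arguments: CA bundle path, puppet.conf path.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```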
