On Wed, Dec 11, 2019 at 1:35 PM Kevin C <kevlarmay1...@gmail.com> wrote:
> I am trying to source a file from our Artifactory which using https, but > it fails due to cert issues: > > SSL_connect returned=1 errno=0 state=error: certificate verify failed > > I found some discussions on this issue here > https://tickets.puppetlabs.com/browse/PUP-7814 but adding the cert to the > cert.pem or creating a file in /opt/puppetlabs/puppet/ssl/certs and running > the c_hash command did not work either. > > Any suggestions? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/78a78f59-712d-40d0-9553-fef672231e86%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/78a78f59-712d-40d0-9553-fef672231e86%40googlegroups.com?utm_medium=email&utm_source=footer> > . > Is artifactory's cert issued by an intermediate CA? Is artifactory configured to provide the entire cert chain (equivalent to SSLCertificateChainFile in Apache)? Can you connect using the openssl binary in the puppet-agent package? /opt/puppetlabs/puppet/bin/openssl s_client -CApath /opt/puppetlabs/puppet/ssl/certs -connect artifactory.example.com:443 Did you run /opt/puppetlabs/puppet/bin/c_rehash or the one in system openssl? Josh -- Josh Cooper | Software Engineer j...@puppet.com | @coopjn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97ukFSuuy7eeCENKmfh0nhzoXKmPMw%3DQSTo3Ywk1CrOsiog%40mail.gmail.com.
