Seems like to me the SSL loaded into PuppetDB (the port 8081 you
mention) is not valid.
A simple activity would be to use our provided tool to reload the
certificates again:
* Move /etc/puppetdb/ssl to ssl.bak to preserve the original
* Backup /etc/puppetdb/conf.d/jetty.ini to say jetty.ini.bak t
When I run
openssl s_client -host puppet -port 8081 -CAfile
/etc/puppet/ssl/certs/puppet.fqdn
I get Verify return code: 21 (unable to verify the first certificate).
If I run the same command, but use port 8140 to connect to puppet, I get a
return code of 19 (which is correct).
I believe that
