Hi, I migrated my old installation from a CentOS 6 machine to CentOS 7. Everything went quite fine and all clients connected to the new machine again. So far so good.
Finally i wanted to use our DigiCert certificate to be used for Formans frontend, as we did on the old one. But somehow i can't get it to work. As soon i replace the cert, the Puppet clients start to fail: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed when searching for node foo.bar.com: Failed to find foo.bar.com via exec: > Execution of '/etc/puppet/node.rb foo.bar.com' returned 1: > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run A "sudo -u puppet /etc/puppet/node.rb foo.bar.com" on the server returns: > Could not send facts to Foreman: SSL_connect returned=1 errno=0 > state=SSLv3 read server certificate B: certificate verify failed If i check the certs i use with the "katello-certs-check" everything looks fine: > Check private key matches the certificate: [OK] > Check ca bundle verifies the cert file: [OK] The following values in the answers file were changed: > server_ssl_chain: /etc/pki/tls/certs/DigiCertCA_FullChain.crt > server_ssl_cert: /etc/pki/tls/certs/certificate.crt > server_ssl_key: /etc/pki/tls/private/private.key > puppet_ssl_ca: /etc/pki/tls/certs/DigiCertCA_FullChain.crt Have not touched anything else in the file. Currently i'm still on 1.12.4 because the update to 1.13.x didn't fully works either (foreman-installer fails to execute. Different story...). So i first would like to bring it fully back to work on 1.12.4. After more than a day not getting one step further i'm a bit out of ideas. What else could i try? Have i missed something? I haven't found any good way to debug this in more detail to find the root cause. Thanks a lot, Urs -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
