Issue #7110 has been updated by James Turnbull.

Category set to SSL
Status changed from Unreviewed to Accepted
----------------------------------------
Bug #7110: Better SSL error message when retrieved certificate does not match private key
https://projects.puppetlabs.com/issues/7110

Author: Matt Robinson
Status: Accepted
Priority: Normal
Assignee:
Category: SSL
Target version:
Affected Puppet version: 2.6.0
Keywords:
Branch:

If you try to connect to a puppet master for the first time using an agent that already has a signed cert on the master (this may happen if you need to wipe your agent but forget to revoke the dead agent's cert on the master), you get the following:

/Users/matthewrobinson/work/puppet/lib/puppet/ssl/host.rb:166:in `certificate'
/Users/matthewrobinson/work/puppet/lib/puppet/ssl/host.rb:227:in `wait_for_cert'
/Users/matthewrobinson/work/puppet/lib/puppet/application/agent.rb:194:in `setup_host'
/Users/matthewrobinson/work/puppet/lib/puppet/application/agent.rb:259:in `setup'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:420:in `hook'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:411:in `exit_on_fail'
/Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
/Users/matthewrobinson/work/puppet/sbin/puppetd:4
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key

The error message should say which retrieved certificate (presumably it's retrieving the already signed cert for the old agent) and which private key (presumably it's the private key that was generated before sending a CSR to the master) don't match. This could be done by including the CN for the cert and some fingerprints or something so you can tell what doesn't match what. And then some more detail on HOW to remove the certificate from the server would be helpful.
