Issue #4948 has been updated by Nigel Kersten.

Status changed from Needs Decision to Accepted
Assignee deleted (Nigel Kersten)
Priority changed from Normal to High
Target version changed from 2.7.x to Telly

----------------------------------------
Bug #4948: connecting from a client whose cert is revoked fails without indicating why
https://projects.puppetlabs.com/issues/4948

Author: eric sorenson
Status: Accepted
Priority: High
Assignee:
Category: SSL
Target version: Telly
Affected Puppet version: 0.25.0
Keywords: CRL
Branch:

had a confusing time tonight trying to debug some systems which were failing puppetd -tv -- the error output looked like:

<pre>
[root@it11p00me-acctsvc001 /var/lib/puppet]# puppetd -tv
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://puppet/plugins: certificate verify failed
info: Loading facts in locallinks
info: Loading facts in locallinks
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
</pre>

The cause was that the cert's serial number was in the CRL downloaded from the CA - probably due to a misunderstanding on my part of how exactly to issue new certificates to hosts whose private keys are lost due to re-imaging. But regardless it would be nice to emit some kind of informative error message if we find out the local certificate is in the CA's CRL.
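
The check the report asks for, sketched as an added example (not part of the original report and not Puppet's own code): it compares a certificate's serial number against the entries of a CA-signed CRL and returns a readable reason instead of a bare "certificate verify failed". The helper names, host names and the throwaway CA are constructed for illustration.

```ruby
require 'openssl'

# Returns nil when cert is not listed in crl, otherwise a readable reason.
# Raises if the CRL is not signed by the CA: an untrusted CRL proves nothing.
def revocation_reason(cert, crl, ca_cert)
  raise ArgumentError, 'CRL not signed by this CA' unless crl.verify(ca_cert.public_key)
  entry = crl.revoked.find { |r| r.serial.to_i == cert.serial.to_i }
  return nil unless entry
  format('certificate %s (serial 0x%x) is listed in the CRL issued by %s; revoked at %s',
         cert.subject, cert.serial.to_i, crl.issuer, entry.time.utc)
end

# Constructed fixtures: throwaway CA, an agent cert before and after re-imaging.
def make_cert(cn, serial, key, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

def make_crl(ca_cert, ca_key, serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca_cert.subject
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600
  serials.each do |s|
    rev = OpenSSL::X509::Revoked.new
    rev.serial = s
    rev.time = Time.now - 30
    crl.add_revoked(rev)
  end
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
AGENT_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('constructed-ca.example', 1, CA_KEY)
OLD_CERT = make_cert('agent01.example', 2, AGENT_KEY, CA_CERT, CA_KEY) # revoked
NEW_CERT = make_cert('agent01.example', 3, AGENT_KEY, CA_CERT, CA_KEY) # reissued
SAMPLE_CRL = make_crl(CA_CERT, CA_KEY, [2])

puts revocation_reason(OLD_CERT, SAMPLE_CRL, CA_CERT)
puts revocation_reason(NEW_CERT, SAMPLE_CRL, CA_CERT).inspect
```

Running the same comparison on an agent before it contacts the master separates "my certificate was revoked" from other verification failures such as an expired certificate or a CA mismatch.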
