[Puppet - Bug #13583] (Unreviewed) Unable to use puppetca

[tickets]

Issue #13583 has been reported by Florian Koch.

----------------------------------------
Bug #13583: Unable to use puppetca 
https://projects.puppetlabs.com/issues/13583

Author: Florian Koch
Status: Unreviewed
Priority: High
Assignee: 
Category: 
Target version: 
Affected Puppet version: 2.7.12
Keywords: puppetca puppet cert 
The certificate retrieved from the master does not match the agent's private 
key.

Branch: 


Hi,

i have some wired issue, i have a foreman-proxy server, build from scratch, i 
can execute puppet cert without problems
    puppet cert --list --all
    notice: Signed certificate request for ca
    notice: Rebuilding inventory file

if i run puppet agent to connect the server to my puppetmaster, all went fine, 
but if i try to generate a cert after the puppetrun i get

    puppet cert generate test
    The certificate retrieved from the master does not match the agent's 
private key.
    Certificate fingerprint: D1:B4:88:24:24:31:FA:13:90:FA:1F:8A:CB:BF:2D:AB
    To fix this, remove the certificate from both the master and the agent and 
then start a puppet run, which will automatically regenerate  a certficate.
    On the master:
    puppet cert clean foreman-proxya01.example.com
    On the agent:
    rm -f /var/lib/puppet/ssl/certs/foreman-proxya01.example.com.pem
    puppet agent -t
    

if i remove /var/lib/puppet/ssl i can use puppet cert again

    [root@foreman-proxya01 ~]# puppet cert generate test
    notice: Signed certificate request for ca
    notice: Rebuilding inventory file
    notice: test has a waiting certificate request
    notice: Signed certificate request for test
    notice: Removing file Puppet::SSL::CertificateRequest test at 
'/var/lib/puppet/ssl/ca/requests/test.pem'
    notice: Removing file Puppet::SSL::CertificateRequest test at 
'/var/lib/puppet/ssl/certificate_requests/test.pem'
    err: Could not call generate: Could not find certificate request for test
    [root@foreman-proxya01 ~]# puppet cert --list --all
    + test (B3:56:37:6C:9C:8D:FA:C8:62:2A:3E:90:C8:8F:01:4F)
    [root@foreman-proxya01 ~]# 



any idea?

rgdf flo



-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-bugs@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.