Issue #19680 has been updated by eric sorenson. Category set to SSL Status changed from Unreviewed to Investigating Assignee set to Andrew Parker
Andy -- this is a real issue, I've verified it locally. Trying a bisect as well but I wanted to escalate it to you. ---------------------------------------- Bug #19680: puppet ca list --all fails with "Error: The certificate retrieved from the master does not match the agent's private key." https://projects.puppetlabs.com/issues/19680#change-86871 Author: Deven Phillips Status: Investigating Priority: Normal Assignee: Andrew Parker Category: SSL Target version: 3.1.0 Affected Puppet version: 3.1.0 Keywords: puppet ca cert certificate private key mismatch Branch: On my puppetmaster server (using Apache, PhusionPassenger, puppet 3.1.0-1 on Debian Squeeze), attempting to run "puppet ca list --all" fails with: Error: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: [[REDACTED]] To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean [[REDACTED]] On the agent: rm -f /etc/puppet/ssl/certs/[[REDACTED]].pem puppet agent -t Error: Try 'puppet help ca list' for usage I have used "openssl x509 -in /path/to/cert.pem -fingerprint -md5 -nooout" to check the fingerprints on all certs and they DO match. Additionally, running "puppet cert list --all" works without issue. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
