Issue #19680 has been updated by Erric Gilbert.
I have the same issue with the PE 3.0.0 version on RHEL 6.4 64bit ---------------------------------------- Bug #19680: puppet ca list --all fails with "Error: The certificate retrieved from the master does not match the agent's private key." https://projects.puppetlabs.com/issues/19680#change-95391 * Author: Deven Phillips * Status: Investigating * Priority: Normal * Assignee: Andrew Parker * Category: SSL * Target version: * Affected Puppet version: 3.1.0 * Keywords: ca cert certificate private_key mismatch * Branch: ---------------------------------------- On my puppetmaster server (using Apache, PhusionPassenger, puppet 3.1.0-1 on Debian Squeeze), attempting to run "puppet ca list --all" fails with: Error: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: [[REDACTED]] To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean [[REDACTED]] On the agent: rm -f /etc/puppet/ssl/certs/[[REDACTED]].pem puppet agent -t Error: Try 'puppet help ca list' for usage I have used "openssl x509 -in /path/to/cert.pem -fingerprint -md5 -nooout" to check the fingerprints on all certs and they DO match. Additionally, running "puppet cert list --all" works without issue. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
