On May 19, 2009, at 8:07 PM, Drew Morone wrote:
> Having a problem with cert negotiation between client and server.
>
> client:
> CentOS 4.4
> 2.6.9 kernel
> ruby 1.8.1-7
> puppet 0.24.8
>
>
> Server:
> Debian 4
> 2.6.9 kernel
> ruby 1.8.7
> 0.24.8-1
>
> Client:
> Launch puppetd with -w30
>
> Server:
> puppetca --list shows client server. I puppetca --sign it.
>
> Then on the client, I get this:
> notice: Got signed certificate
> notice: Starting Puppet client version 0.24.8
> debug: Loaded state in 0.03 seconds
> debug: Retrieved facts in 0.81 seconds
> debug: Retrieving catalog
> debug: Calling puppetmaster.getconfig
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: Could not retrieve catalog: Certificates were not trusted:
> certificate verify failed
>
> I've checked the time on both servers. they are the same.
> I've checked the cert on both servers w/ openssl verify. they are
> good.
>
> Any ideas?
Which certificate did you check on the client, and how did you do it?
It *might* be the fact that your client is using ruby 1.8.1, but I
doubt it.
--
Life isn't fair. It's just fairer than death, that's all.
-- William Goldman
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
