On Tue, Sep 14, 2010 at 9:35 AM, M C <[email protected]> wrote:
> I'm trying to use puppet with passenger as well. I'm running puppet 2.6.1
> and I'm running into the issue mentioned under the troubleshooting section
> of http://projects.reductivelabs.com/projects/puppet/wiki/Using_Passenger.
> The instructions there are very vague. I've tried adding the ca_name
> setting to puppet.conf on the puppet master, but it doesn't seem to have any
> effect. I took a look at
> http://docs.puppetlabs.com/references/stable/configuration.html and there
> does not appear to be a ca_name option. On the other hand, there is a
> certname option. When I set this option to something like "ca-foo.bar.com"
> and restart the puppet master, I do see a new certificate generated,
> however, I get errors on the client side stating that the cert is incorrect
> "Could not retrieve catalog from remote server: hostname was not match with
> the server certificate". Any suggestions?
>
What's the output of puppetd --genconfig | grep "server =" ? By default
puppet agent connects to the puppet master named "puppet".

Try setting certdnsname=puppet:puppet.bar.com (include the output of server
=... if it's not puppet). I'm guessing the client is resolving puppet
master through a DNS cname, puppet.bar.com => ca-foo.bar.com. The
certificate X509v3 Subject Alternative Name should include all possible DNS
cnames for the puppet master.

You can examine the puppet master certificate using the command:

    openssl x509 -text -in /var/lib/puppet/ssl/certs/${puppetmaster_fqdn}.pem

certname configures the certificate CN= and in your case should display:

    Subject: CN=ca-foo.bar.com

certdnsname configures the following section:

    X509v3 Subject Alternative Name:
        DNS:puppet, DNS:puppet.bar.com

Thanks,
Nan