Nan,

Thanks so much for your help. This was in fact the issue. I shut down the puppet master, backed up the /var/lib/puppet/ssl directory, and ran puppet master -v --ca_name="Puppet CA puppet.bar.com". After that ran, I checked the SSL certs using the openssl command and things looked as expected. I was then able to start the puppet master within apache/passenger and after re-signing certificates for the clients, they're able to run against the passenger-enclosed puppet master.

On Tue, Sep 14, 2010 at 5:03 PM, Nan Liu <[email protected]> wrote:

> On Tue, Sep 14, 2010 at 11:53 AM, M C <[email protected]> wrote:
>
>> Restarting the puppet master with the certdnsname option set did not
>> change the certificate in /var/lib/puppet/ssl/certs/admin.baz.bar.com at
>> all.
>>
>> My understanding from the documentation is that the issue was with
>> ca.pem.
>
> If that's the case, the options I provided weren't addressing the right
> certificate.
>
>> Is that not the case? Is there some trick to get puppet to regenerate the
>> certs properly? From what I've been able to find, this seems to be at least
>> partially related to Bug #4226.
>
> If the problem is related to 4226, you just need to specify ca_name option
> when running puppetmaster for the first time. Once the ca.pem file is
> created it won't replace it:
>
> puppetmasterd -v --ca_name="Puppet CA puppet.bar.com"
>
>         Issuer: CN=Puppet CA puppet.bar.com
>         ...
>             X509v3 Key Usage:
>                 Certificate Sign, CRL Sign
>
> I would back up the ssl directory first.
>
> Thanks,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
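
The openssl check described in the thread above, as an added example that is not part of the original messages or of Puppet itself: it reads the output of `openssl x509 -noout -text` and confirms the Issuer CN and the Certificate Sign key usage shown in the quoted excerpt. The function names are hypothetical, and the path to the CA certificate is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): check a CA certificate's text dump.

# Constructed sample, modelled on the excerpt quoted in the thread.
SAMPLE_DUMP='        Issuer: CN=Puppet CA puppet.bar.com
        ...
            X509v3 Key Usage:
                Certificate Sign, CRL Sign'

# Print the CN from the "Issuer:" line on stdin. Accepts both "CN=x" and
# "CN = x", since OpenSSL versions differ in how they print the name.
issuer_cn() {
    sed -n 's/^ *Issuer: *\(.*, *\)\{0,1\}CN *= *//p' | sed 's/ *,.*$//' | head -n 1
}

# Print the value line that follows the "X509v3 Key Usage:" header.
key_usage() {
    awk 'f { sub(/^ +/, ""); print; f = 0 } /X509v3 Key Usage/ { f = 1 }'
}

# check_ca_text EXPECTED_CN: read `openssl x509 -noout -text` output on stdin;
# return 0 only if the issuer CN matches and the cert may sign certificates.
check_ca_text() {
    expected_cn=$1
    text=$(cat)
    issuer=$(printf '%s\n' "$text" | issuer_cn)
    usage=$(printf '%s\n' "$text" | key_usage)
    rc=0
    if [ "$issuer" != "$expected_cn" ]; then
        echo "issuer CN is '$issuer', expected '$expected_cn'" >&2
        rc=1
    fi
    case "$usage" in
        *"Certificate Sign"*) ;;
        *) echo "Key Usage lacks Certificate Sign: '$usage'" >&2; rc=1 ;;
    esac
    return "$rc"
}

# check_ca_file PEM_PATH EXPECTED_CN: same check against a file on disk.
check_ca_file() {
    openssl x509 -in "$1" -noout -text | check_ca_text "$2"
}

# Usage: sh check_ca.sh /path/to/ca.pem "Puppet CA puppet.bar.com"
if [ "$#" -eq 2 ]; then
    check_ca_file "$1" "$2"
fi
```

Running the same issuer check against a re-signed client certificate shows whether it chains to the regenerated CA name rather than the old one.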
