I've found that there are three major pieces that can be going wrong in this case: 1) Getting the ca.pem file to the client. 2) Getting the Certificate sign request to the server. 3) Getting the signed certificate to the client.
Test them like this: To test 1) Grab /var/lib/puppet/ssl/ca.pem from a working client and put it on the client that doesn't work. To test 2) Check if you see the client's name when you run "puppetca --list --all" on the server. If not, try using "sudo puppetca --generate hostname.domainname" on the server. On Sep 16, 2010, at 7:12 AM, Tim wrote: > I've setup a puppet load-balanced solution based on these > instructions: > http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Scalability > > I have 4 puppetmaster instances running on my puppet server and an > Apache instance running on that server listening on port 8140 and > round-robining the requests from puppet clients. This works fine for > all my existing client machines. > > The problem is that when adding a new machine I get errors like this: > puppetd --test -v --server puppet --waitforcert 60 > warning: peer certificate won't be verified in this SSL session > err: Could not request certificate: sslv3 alert handshake failure > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
