On Wed, Sep 29, 2010 at 8:42 AM, Patrick <[email protected]> wrote: > > On Sep 29, 2010, at 8:31 AM, Nan Liu wrote: > >> On Wed, Sep 29, 2010 at 8:01 AM, Tim <[email protected]> wrote: >>> I've setup the puppetmaster to start 5 processes each listening on a >>> different port, with an Apache server in front. This works fine for >>> existing clients, however when I try to add a new client (ie. a newly >>> installed machine with no previous puppet configuration) I get this >>> error: >>> >>> err: Could not request certificate: sslv3 alert handshake failure >>> error >>> >>> Any ideas what's going wrong? >> >> Does the new client have a certificate signed by Puppet CA? If not, >> can you manually generate and distribute a certificate with pupet cert >> -g (puppetca in 0.25.5)? >> >> Is Apache configured for mandatory ssl? The directive is: >> SSLVerifyClient require > > Just to clarify, mandatory SSL is bad when using puppet.
Not if you've separated your CA from your "config" servers. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
