On Sat, Nov 13, 2010 at 7:56 PM, David Birdsong <[email protected]> wrote:
> On Sat, Nov 13, 2010 at 3:19 PM, Marek Dohojda <[email protected]> wrote:
>> First thing I would check is time, to make sure that your manager and host
>> are synched.
>>
> makes sense, i didn't think of this earlier, but alas i've synced them
> (they were off by ~18 seconds) and still getting the exact same error.
>
> err: Could not retrieve catalog from remote server: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed
>

The agent couldn't reverse resolve itself. We use /etc/hosts, so I updated the agent machine's /etc/hosts and it now works.

>
>>
>> --------------------------------------------------
>> From: "David Birdsong" <[email protected]>
>> Sent: Saturday, November 13, 2010 2:49 PM
>> To: <[email protected]>
>> Subject: [Puppet Users] certificate verify failed
>>
>>> I am banging my head against the wall for recently built hosts that
>>> are unable to verify the server's certs. The usual is not working.
>>>
>>> on the puppet agent machine:
>>> find /var/lib/puppet/ssl -type f -delete
>>>
>>> on puppet master:
>>> puppetca --clean <new_host_cert>
>>>
>>> on agent:
>>> puppetd --server puppet --waitforcert 2 --no-daemonize -d -o
>>>
>>> on puppet master:
>>> puppetca --sign <new_host_cert>
>>>
>>> after signing the cert, this is what client shows:
>>> err: Could not retrieve catalog from remote server: SSL_connect
>>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>>> verify failed
>>>
>>> I'm signing the cert that shows up on the master via puppet --list,
>>> simply copying and pasting.
>>>
>>> the usual steps work on all other existing hosts, but this host
>>> refuses to verify the cert. is it the server cert that's invalid?
>>> any help much appreciated.
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to [email protected].
>>> To unsubscribe from this group, send email to
>>> [email protected].
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
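The reply above traces the failure to the agent being unable to reverse-resolve itself through /etc/hosts. As an added example (not part of the thread), this shell check reads a hosts-format file and reports whether a given FQDN maps to an address whose first listed name is that same FQDN. The function names, the address 10.0.0.21 and the name agent01.example.com are constructed, and "first matching line, first name wins" is a simplifying assumption about the files lookup.

```shell
#!/bin/sh
# Added example: forward/reverse self-resolution check against a hosts(5) file.
# All names and addresses below are constructed for illustration.

# hosts_ip_for FILE NAME: print the address of the first entry listing NAME.
hosts_ip_for() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                       # drop trailing comments
        NF >= 2 { for (i = 2; i <= NF; i++)
                      if (tolower($i) == tolower(want)) { print $1; exit } }
    ' "$1"
}

# hosts_name_for FILE IP: print the canonical (first) name of the first entry for IP.
hosts_name_for() {
    awk -v ip="$2" '
        { sub(/#.*/, "") }
        NF >= 2 && $1 == ip { print $2; exit }
    ' "$1"
}

# check_self_resolution FILE FQDN
# Returns 0 if FQDN -> IP -> FQDN round-trips, 1 if FQDN has no entry,
# 2 if the address maps back to a different name.
check_self_resolution() {
    file=$1 fqdn=$2
    ip=$(hosts_ip_for "$file" "$fqdn")
    [ -n "$ip" ] || { echo "no forward entry for $fqdn"; return 1; }
    name=$(hosts_name_for "$file" "$ip")
    if [ "$(echo "$name" | tr 'A-Z' 'a-z')" != "$(echo "$fqdn" | tr 'A-Z' 'a-z')" ]; then
        echo "$ip reverse-resolves to '$name', expected '$fqdn'"
        return 2
    fi
    echo "ok: $fqdn <-> $ip"
}

# Constructed sample: the short name is listed before the FQDN, so the
# address maps back to "agent01" rather than "agent01.example.com".
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' \
              '10.0.0.21 agent01 agent01.example.com' > "$sample"
check_self_resolution "$sample" agent01.example.com || echo "exit status $?"
rm -f "$sample"
```

On a real agent, pass /etc/hosts and the FQDN the agent certificate was requested under as the two arguments.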
