On Mon, Jan 24, 2011 at 09:21 -0800, luke.bigum wrote:
> Down the bottom of Masterzen's blog post are some helpful openssl
> commands for checking certificates:
> http://www.masterzen.fr/2010/11/14/puppet-ssl-explained/

Thanks for the info, I figured it out! The key to the solution was the
part where Masterzen explains about the server certificate. There he
writes: "If your master is also a client of itself (ie it runs a puppet
agent), I recommend using this certificate as the client certificate."

So what I did, was:

    # cp ca/ca_crt.pem ./ca/signed/puppet.xs4all.net.pem
    # cp ca/ca_crt.pem ./certs/puppet.xs4all.net.pem
    # cp ca/ca_key.pem ./private_keys/puppet.xs4all.net.pem
    # cp ca/ca_pub.pem ./public_keys/puppet.xs4all.net.pem

Then this happened:

    # puppet agent --test --noop
    Enter PEM pass phrase:

And when I entered the string from ca/private/ca.pass, it worked!

So the only thing left to do, was remove the pass phrase from the
client certificate:

    # mv ./private_keys/puppet.xs4all.net.pem /tmp/foo
    # openssl rsa -in /tmp/foo -out ./private_keys/puppet.xs4all.net.pem
    Enter pass phrase for /tmp/foo:
    writing RSA key

And then it worked!

    # puppet agent --test --noop
    info: Caching catalog for puppet.xs4all.net
    info: Applying configuration version '1295962955'
    ...

Thanks again for your help.

Robert Scheer
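Added example, not part of Robert's message: a Python check for the state the steps above leave the ssl directory in, where the agent's certificate and public key are copies of the CA's and the pass phrase has been removed from the copied key. The function names are hypothetical, the relative paths are the ones used in the message, and the sample PEM bodies are constructed placeholder bytes, not real keys.

```python
import base64, hashlib, re
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def parse_pem(text):
    """Return (label, headers, sha256 of decoded body) for the first PEM block."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    lines = [l.strip() for l in m.group(2).splitlines() if l.strip()]
    headers = [l for l in lines if ":" in l]  # Proc-Type / DEK-Info on legacy keys
    body = base64.b64decode("".join(l for l in lines if ":" not in l))
    return m.group(1), headers, hashlib.sha256(body).hexdigest()

def key_is_encrypted(text):
    label, headers, _ = parse_pem(text)
    return label == "ENCRYPTED PRIVATE KEY" or any(
        h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)

def audit_ssldir(ssldir, certname):
    """List findings for one node; paths follow the layout used in the message."""
    digest = lambda rel: parse_pem(Path(ssldir, rel).read_text())[2]
    findings = []
    if digest("ca/ca_crt.pem") == digest(f"certs/{certname}.pem"):
        findings.append("node certificate is a copy of the CA certificate")
    if digest("ca/ca_pub.pem") == digest(f"public_keys/{certname}.pem"):
        findings.append("node public key is the CA public key")
        # Assumption: the private key file belongs to the public key beside it.
        if not key_is_encrypted(Path(ssldir, f"private_keys/{certname}.pem").read_text()):
            findings.append("CA key material stored without a pass phrase")
    return findings

def make_sample(root, node, copied, stripped):
    """Write a constructed ssl directory; bodies are placeholder bytes, not keys."""
    pem = lambda label, data, hdr="": (
        f"-----BEGIN {label}-----\n{hdr}{base64.b64encode(data).decode()}\n-----END {label}-----\n")
    enc = "" if stripped else "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
    files = {
        "ca/ca_crt.pem": pem("CERTIFICATE", b"ca-cert"),
        "ca/ca_pub.pem": pem("PUBLIC KEY", b"ca-pub"),
        f"certs/{node}.pem": pem("CERTIFICATE", b"ca-cert" if copied else b"node-cert"),
        f"public_keys/{node}.pem": pem("PUBLIC KEY", b"ca-pub" if copied else b"node-pub"),
        f"private_keys/{node}.pem": pem("RSA PRIVATE KEY", b"key-bytes", enc),
    }
    for rel, text in files.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(text)
```

audit_ssldir takes the ssl directory and the node's certname, and returns an empty list when the node has its own certificate and key pair.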
