Yes, they have exact the same system time.
maybe this /var/log/puppet/masterhttp.log will give you more
information:
(client is client1.test.ch, server is puppet.test.ch)
[2011-02-01 17:00:08] INFO
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Puppet CA: puppet.test.ch
Validity
Not Before: Jan 16 13:34:07 2011 GMT
Not After : Jan 15 13:34:07 2016 GMT
Subject: CN=puppet.test.ch
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:9a:c5:9f:d2:5b:3a:1d:00:32:11:0e:6f:c3:52:
e9:49:d4:7b:38:56:5d:16:43:b3:95:aa:1d:d8:fc:
7c:44:fd:09:e0:da:ec:97:f8:01:9b:e3:2c:5e:87:
d4:6e:7f:03:4a:e4:d5:81:a5:74:3e:08:69:08:9f:
37:47:56:b1:a9:c9:36:67:4a:0c:7a:ef:56:cc:c8:
29:d9:cc:b1:f1:a7:0a:c6:1e:0e:0c:0f:e2:09:69:
cf:ca:e6:0f:09:58:2f:b6:e8:0b:5a:ab:b4:de:25:
17:bb:85:65:3a:4b:3f:04:de:86:f8:04:4a:59:f8:
5a:ac:9b:b4:bc:41:58:d1:53
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Comment:
Puppet Ruby/OpenSSL Generated Certificate
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
DC:1D:60:44:B0:B8:98:F6:C0:53:3A:80:D4:5E:5A:05:42:BD:
45:B7
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, E-mail Protection
X509v3 Subject Alternative Name:
DNS:puppet, DNS:puppet.test.ch, DNS:puppet.test.ch
Signature Algorithm: sha1WithRSAEncryption
51:3c:91:5e:63:f9:17:80:36:ff:63:b7:28:76:89:06:e8:6d:
c3:36:65:f6:b2:9a:6a:66:12:fe:a8:9a:00:4c:99:4c:07:6b:
79:28:b6:6b:b2:d1:8d:a3:d6:0a:b2:78:8d:f3:cb:90:40:40:
83:ab:e5:a1:88:ec:dc:ae:a7:5b:76:14:2e:82:af:6b:b6:c2:
b9:db:12:99:33:95:de:d8:ff:03:fb:5d:1a:42:20:76:31:e7:
30:6a:ce:9c:d7:72:0c:ec:af:a3:01:0d:a3:90:a1:c2:d3:a0:
e9:30:66:9d:01:8e:11:43:96:9d:51:ce:7d:c0:c5:65:28:8b:
16:22
[2011-02-01 17:00:08] INFO WEBrick::HTTPServer#start: pid=3061
port=8140
[2011-02-01 17:00:09] ERROR OpenSSL::SSL::SSLError: SSL_accept
returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert
unknown ca
On 1 Feb., 16:53, Martin Alfke <[email protected]> wrote:
> Hi,
>
> is the time on both hosts (puppet master and puppet client) in sync?
>
> seehttp://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security
>
> Kind regards,
>
> Martin
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
