Hi, Try the following in puppet.conf on the client side:
[main] server = puppet.test.ch certname =puppet.test.ch ... ... Vladimir On Feb 1, 5:26 pm, Pascal <[email protected]> wrote: > Yes, they have exact the same system time. > > maybe this /var/log/puppet/masterhttp.log will give you more > information: > (client is client1.test.ch, server is puppet.test.ch) > > [2011-02-01 17:00:08] INFO > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 7 (0x7) > Signature Algorithm: sha1WithRSAEncryption > Issuer: CN=Puppet CA: puppet.test.ch > Validity > Not Before: Jan 16 13:34:07 2011 GMT > Not After : Jan 15 13:34:07 2016 GMT > Subject: CN=puppet.test.ch > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:9a:c5:9f:d2:5b:3a:1d:00:32:11:0e:6f:c3:52: > e9:49:d4:7b:38:56:5d:16:43:b3:95:aa:1d:d8:fc: > 7c:44:fd:09:e0:da:ec:97:f8:01:9b:e3:2c:5e:87: > d4:6e:7f:03:4a:e4:d5:81:a5:74:3e:08:69:08:9f: > 37:47:56:b1:a9:c9:36:67:4a:0c:7a:ef:56:cc:c8: > 29:d9:cc:b1:f1:a7:0a:c6:1e:0e:0c:0f:e2:09:69: > cf:ca:e6:0f:09:58:2f:b6:e8:0b:5a:ab:b4:de:25: > 17:bb:85:65:3a:4b:3f:04:de:86:f8:04:4a:59:f8: > 5a:ac:9b:b4:bc:41:58:d1:53 > Exponent: 65537 (0x10001) > X509v3 extensions: > Netscape Comment: > Puppet Ruby/OpenSSL Generated Certificate > X509v3 Basic Constraints: critical > CA:FALSE > X509v3 Subject Key Identifier: > DC:1D:60:44:B0:B8:98:F6:C0:53:3A:80:D4:5E:5A:05:42:BD: > 45:B7 > X509v3 Key Usage: > Digital Signature, Key Encipherment > X509v3 Extended Key Usage: > TLS Web Server Authentication, TLS Web Client > Authentication, E-mail Protection > X509v3 Subject Alternative Name: > DNS:puppet, DNS:puppet.test.ch, DNS:puppet.test.ch > Signature Algorithm: sha1WithRSAEncryption > 51:3c:91:5e:63:f9:17:80:36:ff:63:b7:28:76:89:06:e8:6d: > c3:36:65:f6:b2:9a:6a:66:12:fe:a8:9a:00:4c:99:4c:07:6b: > 79:28:b6:6b:b2:d1:8d:a3:d6:0a:b2:78:8d:f3:cb:90:40:40: > 83:ab:e5:a1:88:ec:dc:ae:a7:5b:76:14:2e:82:af:6b:b6:c2: > b9:db:12:99:33:95:de:d8:ff:03:fb:5d:1a:42:20:76:31:e7: > 30:6a:ce:9c:d7:72:0c:ec:af:a3:01:0d:a3:90:a1:c2:d3:a0: > e9:30:66:9d:01:8e:11:43:96:9d:51:ce:7d:c0:c5:65:28:8b: > 16:22 > [2011-02-01 17:00:08] INFO WEBrick::HTTPServer#start: pid=3061 > port=8140 > [2011-02-01 17:00:09] ERROR OpenSSL::SSL::SSLError: SSL_accept > returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert > unknown ca > > On 1 Feb., 16:53, Martin Alfke <[email protected]> wrote: > > > > > > > > > Hi, > > > is the time on both hosts (puppet master and puppet client) in sync? > > > seehttp://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security > > > Kind regards, > > > Martin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
