On 04/13/2011 05:11 AM, Martin Orda wrote:
> Hi,
>
> I've looked in the archives and elsewhere but couldn't find a solution
> to the issue I'm having. I'm running puppet with an external CA that I
> manage myself (ca=false for puppetmasterd) puppetmasterd is behind
> nginx reverse proxy. On the client I'm getting:
>
> root@web01:~# puppet agent --verbose --no-daemonize --onetime
> err: Could not retrieve catalog from remote server: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed
> notice: Using cached catalog
> err: Could not retrieve catalog; skipping run
>
> The puppetmaster's fqdn is excel.example.com and the SSL settings on
> the master shouldn't really matter since nginx is the SSL endpoint in
> this scenario. Could you have a look at the below (also available as
> http://pastie.org/1789339) and let me know if my config is sensible or
> if you can spot anything incorrect?

Hi,

as a matter of fact, I don't see where you're telling the client to talk
to "excel.example.com" (puppet agent's "server" parameter). As is, the
agent probably just talks to "puppet". If your master cert is for "excel"
and not "puppet", you're bound to get errors.

If setting this doesn't help, you should use openssl s_client to query
your master's certificate and find out why a client would fail its
verification.

HTH,
Felix
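
Added example, not part of the original messages: the two checks the reply points at (does the master certificate chain to the CA the agent trusts, and is it valid for the name the agent connects to), run offline against a throwaway lab. Every key, CA and certificate is constructed on the spot, and the function and file names are illustrative assumptions, not Puppet's.

```shell
#!/bin/sh
# Constructed lab: all keys, CAs and certificates are generated here for the demo.

make_lab() {   # $1 = empty working directory
    ( cd "$1" || exit 1
      for ca in trusted other; do
          openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
              -subj "/CN=constructed $ca CA" \
              -keyout "$ca.key" -out "$ca.pem" 2>/dev/null || exit 1
      done
      # Master certificate issued for the FQDN only, signed by the "trusted" CA.
      openssl req -newkey rsa:2048 -nodes -subj "/CN=excel.example.com" \
          -keyout master.key -out master.csr 2>/dev/null || exit 1
      openssl x509 -req -in master.csr -CA trusted.pem -CAkey trusted.key \
          -CAcreateserial -days 1 -out master.pem 2>/dev/null )
}

# Does the certificate chain to the CA file the agent trusts?
chain_ok() {   # $1 = CA file, $2 = certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Is the certificate valid for the name the agent connects to?
name_ok() {    # $1 = certificate, $2 = server name
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

report() {     # $1 = CA file, $2 = certificate, $3 = server name
    chain_ok "$1" "$2" && c=ok || c=FAIL
    name_ok "$2" "$3" && n=ok || n=FAIL
    echo "ca=$1 server=$3 chain=$c name=$n"
}

LAB=$(mktemp -d) && make_lab "$LAB" && cd "$LAB" && {
    report trusted.pem master.pem excel.example.com   # both checks pass
    report trusted.pem master.pem puppet              # agent's default server name
    report other.pem   master.pem excel.example.com   # agent trusts a different CA
}
```

Against a live master, save the certificate printed by `openssl s_client -connect excel.example.com:8140 </dev/null` (8140 is Puppet's default port, assumed here) and pass it to the same two functions together with the agent's CA file.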
