> Searching the net suggests removing '/var/opt/csw/puppet/ssl' from > client and running puppetca --clean <hostname> > (hostname in this case is selix063gh.lmera.ericsson.se) > When I issue 'puppetca --clean selix063gh.lmera.ericsson.se' I get a > the response; > 'Could not find client certificate or request for > selix063gh.lmera.ericsson.se' > which isn't particurlarly suprising, since this is a new client and > one would expect that its unknown to puppetmaster. > > However looking on the puppetserver the client is all but unknown ... > Listing /var/lib/puppet/ssl/ca/signed gives at hand; > .................................................................................................................................................................. > -rw-r----- 1 puppet puppet 1021 Mar 31 15:09 puppet- > server.lmera.ericsson.se.pem > -rw-r----- 1 puppet puppet 908 Apr 26 12:34 > puppetc1.lmera.ericsson.se.pem > -rw-r----- 1 puppet puppet 912 Apr 26 12:34 > selix063gh.lmera.ericsson.se.pem > .................................................................................................................................................................. > > Being a puppet rockie it appears that something is very wrong. > Err. msg. says 'remove certificate from server' and when i try that > from puppetmasterd, I'll get a msg. saying > that there is no certificate for the hostname. > Removing /var/opt/csw/puppet/ssl from client and running puppetca -- > clean <hostname> does not change anything > I'll get the same error message nomatter what I try. > > Anyone having a way out of this ?
Hi, weird indeed. What does puppetca --list --all give you? The first wooden hammer you can swing is "move the cert away from the master's ssl dir". Another approach (albeit crooked) would be to try and find the privkey for the cert that somehow made it to your master and use that for the client. I don't think you'll find it, though. Have you ever told puppet to sign any cert for that box? Is autosign enabled per chance? HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
