On Thu, Jun 14, 2012 at 3:13 PM, Nan Liu <n...@puppetlabs.com> wrote: > So normally for self signed CA the issuer and subject is the same. In > this case you are issuing the certs via: > CN=Puppet CA: top-level-master.domain > > However you are asking the system to verify against a CA cert that > presents the subject as: > CN=Puppet CA: nlvmjt036.nwideweb.net
Well that's what I get for trying to sanitize the output before posting to the list. nlvmjt036 is the name of my top-level master. > So you can you locate your CA cert with the subject? > Subject: CN=Puppet CA: top-level-master.domain On my top-level master: # diff -s /var/lib/puppet/ssl/ca/ca_crt.pem /var/lib/puppet/ssl/certs/ca.pem Files /var/lib/puppet/ssl/ca/ca_crt.pem and /var/lib/puppet/ssl/certs/ca.pem are identical As mentioned previously, the top-level master's /var/lib/puppet/ssl/certs/ca.pem file is identical to the subordinate master's /var/lib/puppet/ssl/certs/ca.pem file. Thanks, Scott -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
