Hi Chris
Sorry for the late response but I wanted to check some things first before
responding. I made a new Puppetmaster and used this to install a new
PuppetDB server. I successfully connected them together, I can do a
successful puppet run on the PuppetDB node itself. When i check the
puppetdb.log I can see the run:
2012-09-25 14:56:59,434 INFO [command-proc-74] [puppetdb.command]
[e1ef3a0e-e5ed-4cc6-a49e-2c9dd3caef7e] [replace facts]
mgmt-puppetdb-01.edu.local
2012-09-25 14:57:03,787 INFO [command-proc-74] [puppetdb.command]
[6f07e5ca-d254-4186-a900-c5706d41e25c] [replace catalog]
mgmt-puppetdb-01.edu.local
2012-09-25 15:08:57,233 INFO [command-proc-74] [puppetdb.command]
[b0cd223f-dc63-470f-a7ff-2702720f58c2] [replace facts]
mgmt-puppetdb-01.edu.local
2012-09-25 15:08:58,736 INFO [command-proc-74] [puppetdb.command]
[bd776140-7c16-423c-8244-ff620346dbce] [replace catalog]
mgmt-puppetdb-01.edu.local
But when I try and reach the dashboard from the browser I get the same
error as before:
2012-09-25 15:18:20,934 WARN [qtp1248545328-67] [io.nio]
javax.net.ssl.SSLHandshakeException: null cert chain
2012-09-25 15:19:54,544 WARN [qtp1248545328-63] [io.nio]
javax.net.ssl.SSLHandshakeException: null cert chain
Firefox gives the following error:
The connection to mgmt-puppetdb-01.edu.local:8081 was interrupted while the
page was loading.
So I can connect to Puppetmaster to the PuppetDB but I cannot reach the
PuppetDB dashboard. I checked the connection with openssl client and this
is the error i got:
openssl s_client -connect mgmt-puppetdb-01.edu.local:8081
CONNECTED(00000003)
depth=0 CN = mgmt-puppetdb-01.edu.local
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = mgmt-puppetdb-01.edu.local
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = mgmt-puppetdb-01.edu.local
verify error:num=21:unable to verify the first certificate
verify return:1
140229444073120:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:177:
---
Certificate chain
0 s:/CN=mgmt-puppetdb-01.edu.local
i:/CN=Puppet CA: mgmt-puppetmaster-01.edu.local
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/CN=mgmt-puppetdb-01.edu.local
issuer=/CN=Puppet CA: mgmt-puppetmaster-01.edu.local
---
Acceptable client certificate CA names
/CN=Puppet CA: mgmt-puppetmaster-01.edu.local
---
SSL handshake has read 2373 bytes and written 178 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
5061AF7A33726FF51EF0CBFAD8AD3F4C88D2FFAC73E26BEFD2C0F3C722877211
Session-ID-ctx:
Master-Key:
85C3BF6C8830C349642BE7168E16F78873DAFE2FE6B60C842056BD65E0C9CE4633CF6C1558D6EEAA6EFDE5EA0BAE7CBF
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1348579196
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
Unfortunately SSL is not my area of expertise so I am stuck.. do you have
any idea's ? If you need more information please let me know.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/uV9oI9RS1wsJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
