THANK YOU! I spent hours on this and went down a bunch of rat holes all having to do with time sync and certificates, etc. NOTHING worked until I found you small post here. There are tons of entries all over the web with this issue and no good solutions. I appreciate your advice.
Steve On Monday, January 14, 2013 1:06:37 PM UTC-5, RedJinnee wrote: > > By default the client request the revocation list from the master, you can > disable that by setting it's property to false. > in puppet.conf add > certificate_revocation = false > > then, puppet agent -t > > hope this helps. > > On Tuesday, December 18, 2012 7:05:43 AM UTC-5, Vishal Asai wrote: >> >> Hi Ajeet, >> >> Did you find any work around this issue? >> >> I am having exactly the same issue and I tried all possible ways to fix >> it but didn't get any success. >> >> Please let me know. Thanks in advance. >> >> Cheers. >> >> On Tuesday, 28 August 2012 18:38:51 UTC+9:30, Ajeet Raina wrote: >>> >>> Hi, >>> >>> I have a puppet master and agent installed. I want to generate and >>> configure master-agent certificate and followed the steps: >>> >>> Master: >>> ========== >>> 1. Cleaned up all certificate on Master: >>> >>> [root@puppet-server manifests]# puppet cert sign --all >>> No waiting certificate requests to sign >>> [root@puppet-server manifests]# puppet cert clean --all >>> notice: Revoked certificate with serial 16 >>> notice: Removing file Puppet::SSL::Certificate >>> puppet-client.test.com at >>> '/var/lib/puppet/ssl/ca/signed/puppet-client.test.com.pem' >>> notice: Removing file Puppet::SSL::Certificate >>> puppet-client.test.com at >>> '/var/lib/puppet/ssl/certs/puppet-client.test.com.pem' >>> [root@puppet-server manifests]# puppet cert clean --all >>> [root@puppet-server manifests]# >>> >>> 2. Removed all ssl/* from Agent >>> >>> [root@puppet-client yum.repos.d]# rm -fr /var/lib/puppet/ssl/* >>> [root@puppet-client yum.repos.d]# cd /var/lib/puppet/ssl/ >>> [root@puppet-client ssl]# ls >>> [root@puppet-client ssl]# >>> >>> 3. Generating Certificate from Agent: >>> >>> [root@puppet-client ssl]# puppet agent --test --verbose --server >>> puppet-server.test.com >>> info: Creating a new SSL key for puppet-client.test.com >>> info: Caching certificate for ca >>> info: Creating a new SSL certificate request for >>> puppet-client.test.com >>> info: Certificate Request fingerprint (md5): >>> AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1 >>> Exiting; no certificate found and waitforcert is disabled >>> [root@puppet-client ssl]# >>> >>> 4. Accepting it through Master: >>> >>> [root@puppet-server manifests]# puppetca -l >>> "puppet-client.test.com" >>> (AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1) >>> [root@puppet-server manifests]# >>> [root@puppet-server manifests]# puppet cert sign --all >>> notice: Signed certificate request for puppet-client.test.com >>> notice: Removing file Puppet::SSL::CertificateRequest >>> puppet-client.test.com at >>> '/var/lib/puppet/ssl/ca/requests/puppet-client.test.com.pem' >>> [root@puppet-server manifests]# >>> >>> Well going. >>> >>> 5.[root@puppet-client ssl]# puppet agent --test --verbose --server >>> puppet-server.test.com >>> info: Caching certificate for puppet-client.test.com >>> info: Caching certificate_revocation_list for ca >>> err: Could not retrieve catalog from remote server: SSL_connect >>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>> verify failed: [certificate revoked for /CN=puppet-server.test.com] >>> warning: Not using cache on failed catalog >>> err: Could not retrieve catalog; skipping run >>> err: Could not send report: SSL_connect returned=1 errno=0 >>> state=SSLv3 read server certificate B: certificate verify failed: >>> [certificate revoked for /CN=puppet-server.test.com] >>> [root@puppet-client ssl]# >>> >>> I tried to remove all the certificate from agent manually >>> /var/lib/puppet/ssl/* but things dint fix the issue. >>> I also tried to generate the certificate on server through : >>> >>> puppet agent --test --server=`hostname` >>> >>> and then performed all the steps above. No Luck with this too. >>> >>> How to fix this issue? >>> >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
