Hi, it's possible that they have wrong names, you must ensure that certname on puppet.conf on both, puppetmaster and agent, are the proper ones. You could check it by doing puppet agent --test --server=puppet.server.com. Deleting certs, on agent and master, could give you a more clear clue.
Look this http://docs.puppetlabs.com/guides/troubleshooting.html#agents-are-failing-with-a-hostname-was-not-match-with-the-server-certificate-error-whats-wrong ~ Happy install ! Cel : 511-997823451 Blog : http://piobox.blogspot.com/ LUG : http://www.utpinux.org Linux User ID : 549567 --------------- sı ɯǝ1qoɹd ɹnoʎ ʇɐɥʍ ǝǝs ı ʞuıɥʇ ı On 12 June 2013 10:00, Werner Flamme <[email protected]> wrote: > When I try to connect to my new puppet master, I get an error because of > a self-signed certificate: > > ---snip--- > > # puppet agent --test --noop > Warning: Unable to fetch my node definition, but the agent run will > continue: > Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server > certificate B: certificate verify failed: [self signed certificate in > certificate chain for /CN=Puppet CA: sapdisk.intranet.ufz.de] > Info: Retrieving plugin > Error: /File[/var/lib/puppet/lib]: Failed to generate additional > resources using 'eval_generate: SSL_connect returned=1 errno=0 > state=SSLv3 read server certificate B: certificate verify failed: [self > signed certificate in certificate chain for /CN=Puppet CA: > sapdisk.intranet.ufz.de] > Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed: [self signed certificate in certificate chain for > /CN=Puppet CA: sapdisk.intranet.ufz.de] Could not retrieve file metadata > for puppet://sapdisk.intranet.ufz.de/plugins: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify > failed: [self signed certificate in certificate chain for /CN=Puppet CA: > sapdisk.intranet.ufz.de] > Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/pe_version.rb > Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb > Info: Loading facts in > /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb > Info: Loading facts in > /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb > Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb > Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb > Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb > Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb > Error: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed: [self signed certificate in certificate chain for > /CN=Puppet CA: sapdisk.intranet.ufz.de] > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run > Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed: [self signed > certificate in certificate chain for /CN=Puppet CA: > sapdisk.intranet.ufz.de] > > ---pins--- > > On sapdisk, I see two certificates (puppet cert list --all), one for the > server (sapdisk) itself, one for the client (rz36test2). The client > certificate is transferred to the client - it is present in > /var/lib/puppet/ssl/certs. > > How do I get around this error? > > Regards, > Werner > > -- > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
