Thank you, Erick, the names were correct, I use certname entries in my config.
The problem was resolved by deleting the node certificate (mv /var/lib/puppet/ssl /var/lib/puppet/ssl.original) and recreating it by "puppet agent -t". I found the solution some minutes after posting here, after rephrasing my search... Since I searched in the office and I am at home now, I can't provide the URL, but will do so tomorrow (probably).

Regards,
Werner

[12.06.2013 17:43] [Erick Ocrospoma]:
> Hi,
>
> it's possible that they have wrong names, you must ensure that certname on
> puppet.conf on both, puppetmaster and agent, are the proper ones. You could
> check it by doing puppet agent --test --server=puppet.server.com. Deleting
> certs, on agent and master, could give you a more clear clue.
>
> Look this
> http://docs.puppetlabs.com/guides/troubleshooting.html#agents-are-failing-with-a-hostname-was-not-match-with-the-server-certificate-error-whats-wrong
>
>
> ~ Happy install !
>
>
> Cel : 511-997823451
> Blog : http://piobox.blogspot.com/
> LUG : http://www.utpinux.org
> Linux User ID : 549567
>
> ---------------
> sı ɯǝ1qoɹd ɹnoʎ ʇɐɥʍ ǝǝs ı ʞuıɥʇ ı
>
>
> On 12 June 2013 10:00, Werner Flamme <[email protected]> wrote:
>
>> When I try to connect to my new puppet master, I get an error because of
>> a self-signed certificate:
>>
>> ---snip---
>>
>> # puppet agent --test --noop
>> Warning: Unable to fetch my node definition, but the agent run will
>> continue:
>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server
>> certificate B: certificate verify failed: [self signed certificate in
>> certificate chain for /CN=Puppet CA: sapdisk.intranet.ufz.de]
>> Info: Retrieving plugin
>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional
>> resources using 'eval_generate: SSL_connect returned=1 errno=0
>> state=SSLv3 read server certificate B: certificate verify failed: [self
>> signed certificate in certificate chain for /CN=Puppet CA:
>> sapdisk.intranet.ufz.de]
>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>> verify failed: [self signed certificate in certificate chain for
>> /CN=Puppet CA: sapdisk.intranet.ufz.de] Could not retrieve file metadata
>> for puppet://sapdisk.intranet.ufz.de/plugins: SSL_connect returned=1
>> errno=0 state=SSLv3 read server certificate B: certificate verify
>> failed: [self signed certificate in certificate chain for /CN=Puppet CA:
>> sapdisk.intranet.ufz.de]
>> Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/pe_version.rb
>> Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb
>> Info: Loading facts in
>> /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb
>> Info: Loading facts in
>> /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb
>> Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
>> Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
>> Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
>> Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
>> Error: Could not retrieve catalog from remote server: SSL_connect
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
>> verify failed: [self signed certificate in certificate chain for
>> /CN=Puppet CA: sapdisk.intranet.ufz.de]
>> Warning: Not using cache on failed catalog
>> Error: Could not retrieve catalog; skipping run
>> Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3
>> read server certificate B: certificate verify failed: [self signed
>> certificate in certificate chain for /CN=Puppet CA:
>> sapdisk.intranet.ufz.de]
>>
>> ---pins---
>>
>> On sapdisk, I see two certificates (puppet cert list --all), one for the
>> server (sapdisk) itself, one for the client (rz36test2). The client
>> certificate is transferred to the client - it is present in
>> /var/lib/puppet/ssl/certs.
>>
>> How do I get around this error?
>>
>> Regards,
>> Werner
>> --

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
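A check that can be run before moving the agent's ssl directory away, as an added example that is not part of the original thread: it compares the CA certificate the agent has cached with a copy of the master's current CA certificate, then checks whether the agent's own certificate was issued by that CA. It assumes the verify failure comes from the agent trusting a different CA than the one the new master uses; the function names, the verdict strings and the idea of copying the master's CA certificate to the agent for comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are supplied by the caller;
# on the agent in the thread the cached CA certificate would live under
# /var/lib/puppet/ssl/certs (ca.pem in a default Puppet layout, an assumption).

# Print the SHA-256 fingerprint of a PEM certificate (empty output on error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Return 0 if both files hold the same certificate. Two CAs can share the
# subject "/CN=Puppet CA: <host>" and still have different keys, so compare
# fingerprints, never subject names.
same_ca() {
    a=$(cert_fp "$1")
    b=$(cert_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Return 0 if certificate $2 verifies against CA file $1. The output is
# matched instead of the exit status because old OpenSSL releases exit 0
# even when verification fails.
signed_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# diagnose <agent_cached_ca> <master_ca_copy> <agent_cert>
# Prints one verdict:
#   stale-ca          agent trusts a different CA than the master uses
#   stale-agent-cert  CA matches, but the agent cert was issued by another CA
#   ok                CA matches and the agent cert chains to it
diagnose() {
    if ! same_ca "$1" "$2"; then
        echo stale-ca
    elif ! signed_by "$2" "$3"; then
        echo stale-agent-cert
    else
        echo ok
    fi
}

# Stand-alone use: sh check_ca.sh <agent_ca.pem> <master_ca.pem> <agent_cert.pem>
if [ "$#" -eq 3 ]; then
    diagnose "$@"
fi
```

Either non-ok verdict means the agent's SSL state predates the current CA, which is the situation the move-and-regenerate step in the reply clears. Fetch the master's CA copy over a channel you already trust (for example SSH), not over the connection that is failing verification.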
