hi-
i'm setting up a new puppet environment, with an existing, separate ca.
to that end, i've been referring to this document:
http://docs.puppetlabs.com/puppet/3/reference/config_ssl_external_ca.html
here is my agent config:
[main]
vardir = /var/lib/puppet
rundir = /var/run/puppet
logdir = /var/log/puppet
ssldir = $vardir/ssl
templatedir = $confdir/templates
server = config.example.com
[agent]
hostprivkey = /etc/puppet/pki/$certname-key.pem
hostpubkey = /etc/puppet/pki/$certname-key-public.pem
hostcert = /etc/puppet/pki/$certname-cert.pem
localcacert = /etc/pki/trusted_root_authorities/ca-certificates.crt
certificate_revocation = false
when starting the puppet agent, the following is logged:
Aug 7 09:07:38 fester puppet-agent[5281]: Starting Puppet client version 3.2.2
Aug 7 09:07:38 fester puppet-agent[5281]: Reopening log files
Aug 7 09:07:43 fester puppet-agent[5287]: Unable to fetch my node definition, but the agent run will continue:
Aug 7 09:07:43 fester puppet-agent[5287]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [wrong public key type]
Aug 7 09:07:43 fester puppet-agent[5287]: Retrieving plugin
Aug 7 09:07:43 fester puppet-agent[5287]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [wrong public key type]
Aug 7 09:07:44 fester puppet-agent[5287]: (/File[/var/lib/puppet/lib]) Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [wrong public key type] Could not retrieve file metadata for puppet://config.example.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [wrong public key type]
Aug 7 09:07:44 fester puppet-agent[5287]: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [wrong public key type]
Aug 7 09:07:44 fester puppet-agent[5287]: Using cached catalog
Aug 7 09:07:44 fester puppet-agent[5287]: Could not retrieve catalog; skipping run
Aug 7 09:07:44 fester puppet-agent[5287]: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [wrong public key type]
openssl seems to indicate the public key is at least valid within a
general context:
>openssl pkey -pubin -in $(puppet agent --configprint hostpubkey) -text -noout
Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
how can i further troubleshoot what is wrong? i've not been able to
find any references to "wrong public key type" in my research so far.
regards
-ben