Additionally, I should add that the revoked certificate on the Puppet master was also cleaned with the following command:
# puppet cert --clean el5-puptest-2.localdomain And the issue persists as outlined above. ______________________ *J. Adam Craig* UNIX Operating Systems Analyst VCU Computer Center 804.828.4886 "Don't be a phishing victim -- VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more detauls, visit http://infosecurity.vcu.edu/phishing.html"; On Fri, Oct 4, 2013 at 9:43 AM, J. Adam Craig <[email protected]> wrote: > Folks -- > > I am attempting to retrieve a new certificate on a Puppet client whose > certificate was revoked on the Puppet master. > > The original certificate was revoked using the command: > > # puppet cert --revoke el5-puptest-2.localdomain > > > I have deleted the /var/lib/puppet/ssl directory on the client, and issued > the following command: > > # puppet agent --test --waitforcert=20 > > > This produces the following result: > > [root@el5-puptest-3 ~]# *puppet agent --test --waitforcert=20* > info: Creating a new SSL key for el5-puptest-3.localdomain > info: Caching certificate for ca > info: Creating a new SSL certificate request for el5-puptest-3.localdomain > info: Certificate Request fingerprint (md5): > 8E:F4:C6:25:17:7F:46:91:F6:D3:45:FB:F5:63:19:B4 > info: Caching certificate for el5-puptest-3.localdomain > notice: Ignoring --listen on onetime run > info: Retrieving plugin > info: Caching certificate_revocation_list for ca > err: /File[/var/lib/puppet/lib]: Failed to generate additional resources > using 'eval_generate': certificate verify failed > err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate verify > failed Could not retrieve file metadata for puppet:// > rhel-vm-test-6a.ucc.vcu.edu/plugins: certificate verify failed > err: Could not retrieve catalog from remote server: certificate verify > failed > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > err: Could not send report: certificate verify failed > > > I read elsewhere that these issues could be due to the Puppet master being > configured with Apache / Passenger, and that sometimes a restart of Apache > on the master is needed to resolve the trouble. Despite issuing 'service > httpd restart' on the Puppet master server, I'm still getting the above > output. > > Both the Puppet agent and Puppet master is ver. 2.6.18-3.el6 (from EPEL). > > Any assistance is greatly needed and appreciated. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
