On Wed, Jun 18, 2014 at 6:11 AM, jcbollinger <john.bollin...@stjude.org> wrote:
> > > On Wednesday, June 18, 2014 12:14:21 AM UTC-5, Torsten Kleiber wrote: >> >> >> >> Am Dienstag, 17. Juni 2014 15:03:20 UTC+2 schrieb jcbollinger: >> >>> You mean you have set these in your puppet.conf or in your environment? >>> If the former then which one (file system path) and which section? Are you >>> running as root or as an unprivileged user? >>> >> >> I run at the moment with root and have set it via export before the call. >> After setting it now in puppet.conf, the error changes similar to curl >> without -k: >> puppet module install rtyler/jenkins --debug >> Notice: Preparing to install into /etc/puppet/modules ... >> Notice: Downloading from https://forgeapi.puppetlabs.com ... >> Debug: HTTP GET https://forgeapi.puppetlabs. >> com/v3/releases?module=rtyler-jenkins >> <https://www.google.com/url?q=https%3A%2F%2Fforgeapi.puppetlabs.com%2Fv3%2Freleases%3Fmodule%3Drtyler-jenkins&sa=D&sntz=1&usg=AFQjCNHu-FqhQGWQIIlMLS_p0AJTBVu6Qw> >> Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com >> Unable to verify the SSL certificate >> The certificate may not be signed by a valid CA >> The CA bundle included with OpenSSL may not be valid or up to date >> >> > > > Well you don't really want to trust unverified certificates, certainly not > in an automated way. It sounds like you may need to update your trusted > certificate store with one or more new CA certificates. On a RedHat-family > Linux, that probably means updating package "ca-certificates". > > For what it's worth, neither Firefox on Windows nor curl (without -k) on > CentOS 6.5 complain to me about untrusted SSL certificates when I access > that forge URL, and I haven't made any special accommodation for it. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/caf39dff-7544-4b4b-81de-d0dada0ae9d2%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/caf39dff-7544-4b4b-81de-d0dada0ae9d2%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > FYI, after the heartbleed incident we obtained new SSL certificates for all SSL related services, including forgeapi.puppetlabs.com. The new certificate was issued by UserTrustNetwork, and caused problems for the module tool on Windows, because the UserTrustNetwork root is not trusted. See https://tickets.puppetlabs.com/browse/PUP-2365 for more info. We recently switched back to a GeoTrust Global CA issued certificate, and that may explain why the module tool fails to authenticate the forgeapi for you. Josh -- Josh Cooper Developer, Puppet Labs *Join us at PuppetConf 2014 <http://www.puppetconf.com/>, September 20-24 in San Francisco* *Register by July 31st to take advantage of the Early Bird discount <https://puppetconf2014.eventbrite.com/?discount=EarlyBird> **—**save $249!* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97u%3DqDiHaiT48pQ8TGS6%2BvLChC-%2Bdkds7g8KM4s_SWW9nxA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
