Hi Chris, On 30 Jun 2014, at 05:23, Chris <[email protected]> wrote: > > master gets it: > # puppet ca list > client (SHA256) > D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50 > > and has signed itself: > # puppet ca list --all > client (SHA256) > D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50 > + puppet-master (SHA256) > 65:CE:54:5B:0A:93:5A:43:B4:D6:26:21:5C:99:F5:E9:3B:B3:59:98:4C:5C:84:24:A6:2D:06:C4:FC:DF:2F:A9 > > So I sign it: > # puppet ca sign client > Notice: Signed certificate request for client > Notice: Removing file Puppet::SSL::CertificateRequest client2.squiz.local at > '/var/lib/puppet/ssl/ca/requests/client.pem' > "-----BEGIN CERTIFICATE-----\n....cert contents here.... > > > Then the problems start: > > # puppet ca list --all > Error: The certificate retrieved from the master does not match the agent's > private key. > Certificate fingerprint: > B5:2C:39:40:27:31:47:4F:89:A8:75:EB:8D:1C:16:B9:31:14:4D:BE:B3:DD:AB:81:0E:F4:E4:F2:73:CC:C1:B9 > To fix this, remove the certificate from both the master and the agent and > then start a puppet run, which will automatically regenerate a certficate.
Will the same problem occur when using puppet cert instead of puppet ca? - Martin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/91DB1E78-4F44-4139-95E5-30BA1F45355C%40gmail.com. For more options, visit https://groups.google.com/d/optout.
