Hi Chris,
On 30 Jun 2014, at 05:23, Chris <[email protected]> wrote:

> 
> master gets it:
> # puppet ca list
>  client  (SHA256) 
> D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50
> 
> and has signed itself:
> # puppet ca list --all
>  client         (SHA256) 
> D4:6D:33:FE:33:98:C1:42:77:ED:D3:33:16:8D:A0:C6:37:1F:90:6B:03:D2:EC:79:52:FF:03:2E:8C:7F:D8:50
> + puppet-master  (SHA256) 
> 65:CE:54:5B:0A:93:5A:43:B4:D6:26:21:5C:99:F5:E9:3B:B3:59:98:4C:5C:84:24:A6:2D:06:C4:FC:DF:2F:A9
> 
> So I sign it:
> # puppet ca sign client
> Notice: Signed certificate request for client
> Notice: Removing file Puppet::SSL::CertificateRequest client2.squiz.local at 
> '/var/lib/puppet/ssl/ca/requests/client.pem'
> "-----BEGIN CERTIFICATE-----\n....cert contents here....
> 
> 
> Then the problems start:
> 
> # puppet ca list --all
> Error: The certificate retrieved from the master does not match the agent's 
> private key.
> Certificate fingerprint: 
> B5:2C:39:40:27:31:47:4F:89:A8:75:EB:8D:1C:16:B9:31:14:4D:BE:B3:DD:AB:81:0E:F4:E4:F2:73:CC:C1:B9
> To fix this, remove the certificate from both the master and the agent and 
> then start a puppet run, which will automatically regenerate a certficate.

Will the same problem occur when using puppet cert instead of puppet ca?

- Martin

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/91DB1E78-4F44-4139-95E5-30BA1F45355C%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to