Jonathan, Glad you fixed the issue! Whenever you do a cert clean or cert remove, it will automatically get added to the certificate revocation list because it is assumed those certs will never be used again.
Thanks, -Alex On Nov 24, 2014 10:12 AM, "Jonathan Gazeley" < [email protected]> wrote: > On 24/11/14 14:50, Jonathan Gazeley wrote: > >> On 24/11/14 11:54, Jonathan Gazeley wrote: >> >>> >>> [jg4461@puppet-prod PUPPETROOT]$ sudo puppet node deactivate >>> authconfigtest.resnet.bris.ac.uk >>> Error: Failed to submit 'deactivate node' command for >>> authconfigtest.resnet.bris.ac.uk to PuppetDB at >>> puppetdb.resnet.bris.ac.uk:8081: SSL_connect returned=1 errno=0 >>> state=SSLv3 read server certificate B: certificate verify failed: >>> [certificate revoked for /CN=puppetdb.resnet.bris.ac.uk] >>> Error: Try 'puppet help node deactivate' for usage >>> >>> >> I'm still stuck on this. I found a Jira issue[1] which might be the >> cause. I deleted the puppetdb certs on the puppetdb server and on the >> puppetmaster, allowed puppet agent to recreate them on puppetdb, re-signed >> with puppetmaster and then copied the certs to the puppetdb installation. I >> restarted the puppetdb and puppetmaster services. No change in the >> behaviour. >> >> The information in [1] sounds as if it is a client configuration issue, >> but given that I've regenerated my puppetdb certs, I don't understand the >> problem. Can anyone shed any light on this? >> >> [1] https://tickets.puppetlabs.com/browse/PDB-346 >> >> > Fixed my own problem. Somehow the cert had been added to the CRL, even > though I had regenerated the cert. I deleted crl.pem and it immediately > sprang into life :) > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-users/547358E6.3030609%40bristol.ac.uk. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAGWx_yYyadQHROyCbsqQHvcbCY5uuxpnMCCP5T4%2BjajokscL7A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
