On Sunday, January 4, 2015 7:44:05 PM UTC-6, roopchand yanamadala wrote:
[...] > Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed: [self signed certificate in certificate chain for /CN=Puppet > CA: puppet-master.xxx.local] Could not retrieve file metadata for puppet:// > puppet-master.xxx.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed: [self signed > certificate in certificate chain for /CN=Puppet CA: puppet-master.xxx.local] > Error: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed: [self signed certificate in certificate chain for /CN=Puppet > CA: puppet-master.xxx.local] > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run > Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed: [self signed > certificate in certificate chain for /CN=Puppet CA: puppet-master.xxx.local] > By default, the master's CA identifies itself via a self-signed certificate, but your client seems to object to that. Since that is not the usual result, I have to guess that the client has been configured to refuse self-signed certificates by default (this would be in your system's SSL configuration, not in Puppet's own configuration). In that case, your options would be: 1. Configure your SSL library to accept self-signed certificates (at least the Puppet CA's), or 2. Obtain and install on the master a CA certificate whose certificate chain traces back to an authority the client trusts. I'm afraid I have no personal experience with the details of either. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b43c9010-ebc2-4691-80fe-0cbe7b7f5204%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
