On Thu, Jan 7, 2016 at 5:41 PM, Matt Zagrabelny <[email protected]> wrote: > On Thu, Jan 7, 2016 at 5:35 PM, Peter Kristolaitis <[email protected]> wrote: >> Apparently I was a little too quick on the send button. :( >> >> To continue my previous email: >> >> Does 'puppet cert list --all' show any certs at all? > > Yep: > > # puppet cert list --all > + "puppet-client-1.example.net" (SHA256) > A3:73:DC:89:B2:13:D4:C5:7A:58:B9:EB:7E:6A:22:1C:36:97:BD:8F:4C:AD:18:39:2E:F8:10:2C:29:36:F6:82 > + "puppet-3-7.example.net" (SHA256) > E6:F6:7D:6C:D8:30:6C:AC:1E:B5:5D:29:E8:11:0C:CB:54:22:BA:B3:96:C1:E2:49:7A:48:CF:3E:F8:12:43:24 > (alt names: "DNS:puppet-3-7", "DNS:puppet-3-7.example.net") > > I don't remember what I did to get the master to accept the CSR of > puppet-client-1 earlier, but I did have similar issues where I ran the > client and the master didn't show any unsigned certs when running > "puppet cert list". > > That was a few weeks ago. I'm just coming back to puppet 3.7 now.
Regenerating the client cert and connecting to the master seems to get me one step further. client: find /var/lib/puppet/ssl -name puppet-cliet.example.net.pem -delete server: puppet cert clean puppet-client.example.net client: puppet agent -t --server puppet-3-7 --debug server: puppet cert list "puppet-client.example.net" (SHA256) E9:D3:10:D4:A0:0D:C7:BC:1F:FA:70:3E:DD:35:35:6C:1C:5C:D0:48:61:96:25:2F:E7:D2:DA:8F:4E:3F:24:CB puppet cert sign puppet-client.example.net client: puppet agent -t --server puppet-3-7 --debug [...] Error: Could not request certificate: SSL_connect returned=1 errno=0 state=unknown state: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppet-3-7.example.net] Exiting; failed to retrieve certificate and waitforcert is disabled Then performing the above steps, but clearing out all .pem files on the client seemed to fix the issue. Cheers! -m -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOLfK3XrqYOYVQrizt-DddNR8ggtBp-fyqmc0N4XnH_DG2i3wQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
