The problem was between the seat and the keyboard :P I was using different ca names (ca_crt.pem != ca.pem)
Now it works perfectly Best regard -------------------------------------------------------------------------------------- Juan Sierra Pons j...@elsotanillo.net Linux User Registered: #257202 Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo GPG key = 0xA110F4FE Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE -------------------------------------------------------------------------------------- 2015-08-13 11:43 GMT+02:00 Juan Sierra Pons <j...@elsotanillo.net>: > Hi, > > I am trying to query the puppetdb from a remote server using curl and > https without success. > > I have already generated the certificates and move them the remote server. > > Using openssl all works ok > > First I launch the following command: > openssl s_client -connect puppetdb:8081 -CAfile ca.pem -cert > pentahotest.pem.cer -key pentahotest.pem.priv > > Once the connection is stablished I send the url to get the results: > get /v3/nodes > [ { > "name" : "server1", > "deactivated" : null, > "catalog_timestamp" : "2015-08-13T09:12:44.087Z", > "facts_timestamp" : "2015-08-13T09:12:35.127Z", > "report_timestamp" : "2015-08-13T09:13:10.401Z" > } > [...] > > So certificates are working ok. But If I use CURL with same > certificates it doesn't works > > $ curl -vvv -sfG 'https://puppetdb:8081/v3/nodes' --cacert ca_crt.pem > --cert pentahotest.pem.cer --key pentahotest.pem.priv > * STATE: INIT => CONNECT handle 0x600057080; line 1075 (connection #-5000) > * Added connection 0. The cache now contains 1 members > * Trying X.X.X.X... > * STATE: CONNECT => WAITCONNECT handle 0x600057080; line 1128 (connection #0) > * Connected to puppetdb (X.X.X.X) port 8081 (#0) > * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057080; line 1225 > (connection #0) > * ALPN, offering http/1.1 > * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > * error setting certificate verify locations: > CAfile: ca_crt.pem > CApath: none > * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057080; line > 1239 (connection #0) > * Expire cleared > * Curl_done > * Closing connection 0 > * The cache now contains 0 members > > Any idea what am I doing wrong? > > Best regards > > -------------------------------------------------------------------------------------- > Juan Sierra Pons j...@elsotanillo.net > Linux User Registered: #257202 > Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo > GPG key = 0xA110F4FE > Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE > -------------------------------------------------------------------------------------- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CABS%3Dy9vJYN4rQP8b%2Bzsrn6jx8Cp8PJ7uM2p_9KUmntY5_Eg4vw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
