Hi Bhathiya, Did you delete old certs in puppet master as explained in [1] ? From the commands you have listed, it seems you have deleted the certs in agent side only. [2] too provides some tips related to a similar issue. Also, if you are testing in an IaaS, please make sure all the necessary ports in puppet master instance are accessible from puppet agent instance.
[1] http://serverfault.com/questions/515296/puppet-agent-certificate-verify-failure [2] http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat Thanks, Sajith On Tue, Feb 23, 2016 at 12:02 AM, Bhathiya Jayasekara <[email protected]> wrote: > Thanks for the prompt response Pubudu. I already tried that and got below. > > root@apim-2:/opt# find /var/lib/puppet/ssl -name '*.pem' -exec rm {} \; > root@apim-2:/opt# puppet agent -t > Info: Creating a new SSL key for apim-2.openstacklocal > Info: Caching certificate for ca > Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml > Info: Creating a new SSL certificate request for apim-2.openstacklocal > Info: Certificate Request fingerprint (SHA256): > 74:F4:B5:D3:39:02:0F:D7:6D:88:0C:06:4B:55:1C:08:7C:B8:C9:3E:91:0F:B1:C9:1B:07:DE:27:BB:D1:D5:55 > Info: Caching certificate for apim-2.openstacklocal > Info: Caching certificate_revocation_list for ca > Error: Could not request certificate: SSL_connect returned=1 errno=0 > state=SSLv3 read server certificate B: certificate verify failed: > [certificate revoked for /CN=apim-2.openstacklocal] > > Thanks, > Bhathiya > > On Mon, Feb 22, 2016 at 11:52 PM, Pubudu Gunatilaka <[email protected]> > wrote: > >> Hi Bhathiya, >> >> Could you please check with this [1] ? I think you are having Error 4. >> >> [1] - >> http://suhan-opensource.blogspot.com/2014/10/puppet-master-agent-communication-errors.html >> >> Thank you! >> >> On Mon, Feb 22, 2016 at 11:47 PM, Bhathiya Jayasekara <[email protected]> >> wrote: >> >>> Hi all, >>> >>> I followed all the steps in [1]. But at the end I'm getting below cert >>> error. Can someone please help me to understand what's wrong? >>> >>> root@apim-2:/opt# ./setup.sh >>> ##################################################### >>> Starting cleanup >>> ##################################################### >>> ##################################################### >>> Setting up environment >>> ##################################################### >>> ##################################################### >>> Installing >>> ##################################################### >>> Warning: Unable to fetch my node definition, but the agent run will >>> continue: >>> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server >>> certificate B: certificate verify failed: [certificate revoked for >>> /CN=apim-2.openstacklocal] >>> Info: Retrieving plugin >>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >>> resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 >>> read server certificate B: certificate verify failed: [certificate revoked >>> for /CN=apim-2.openstacklocal] >>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect >>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] Could >>> not retrieve file metadata for puppet://puppet/plugins: SSL_connect >>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>> Error: Could not retrieve catalog from remote server: SSL_connect >>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>> verify failed: [certificate revoked for /CN=apim-2.openstacklocal] >>> Warning: Not using cache on failed catalog >>> Error: Could not retrieve catalog; skipping run >>> Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 >>> read server certificate B: certificate verify failed: [certificate revoked >>> for /CN=apim-2.openstacklocal] >>> >>> [1] >>> https://github.com/wso2/puppet-modules/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment >>> >>> Thanks, >>> >>> -- >>> *Bhathiya Jayasekara* >>> *Senior Software Engineer,* >>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>> >>> *Phone: +94715478185 <%2B94715478185>* >>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>> <http://www.linkedin.com/in/bhathiyaj>* >>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>> *Blog: http://movingaheadblog.blogspot.com >>> <http://movingaheadblog.blogspot.com/>* >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> *Pubudu Gunatilaka* >> Committer and PMC Member - Apache Stratos >> Software Engineer >> WSO2, Inc.: http://wso2.com >> mobile : +94774079049 <%2B94772207163> >> >> > > > -- > *Bhathiya Jayasekara* > *Senior Software Engineer,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <%2B94715478185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Sajith Kariyawasam *Committer and PMC member, Apache Stratos, * *WSO2 Inc.; http://wso2.com <http://wso2.com>* *Mobile: 0772269575*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
