2010/5/6 piir D.K <piir...@gmail.com>

> Hello,
>
> I'm trying to have puppet working without handling any part of a PKI.
> On one side I've got a puppet installation working, on the other side
> a PKI (dogtag).
>
> I try to tell puppetmasterd to use my CA.crt and an already
> functioning cert, but at launch time it still generates its own
> certificate request. So I tried to sign its request, but it still
> ignores the certificate.
>
>
Hello,

I'm answering my own post. I did manage to launch both the client and the
server with my own certificate. The problem was that puppet didn't seem to
care about the values in puppet.conf.

In $ssldir I replaced these files with mine: certs/ca.pem, certs/<fqdn>.pem,
private_keys/<fqdn>.pem, public_keys/<fqdn>.pem.


But I'm getting this error on the client (puppetd --no-daemonize -v -d):
err: Could not retrieve catalog from remote server: certificate verify
failed

On the server in masterhttp.log I can read this:

[2010-06-03 15:40:18] DEBUG accept: XXX.XXX.0.3:49420
[2010-06-03 15:40:18] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:45:in
`accept'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:45:in
`listen'
    /usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
    /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
    /usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
    /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
    /usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
    /usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
    /usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
    /usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
    /usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:43:in
`listen'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
`initialize'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `new'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in
`listen'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:39:in
`synchronize'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:39:in
`listen'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in `listen'
    /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in `start'
    /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start'
    /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in
`main'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail'
    /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run'
    /usr/sbin/puppetmasterd:66
[2010-06-03 15:40:18] DEBUG close: XXX.XXX.0.3:49420
[2010-06-03 15:49:06] DEBUG close TCPSocket(0.0.0.0, 8140)


I have tested all the certificates with openssl (s_server|s_client) -CAfile
certs/ca.pem -cert certs/<fqdn>.pem -key private_keys/<fqdn>.pem, trying to
connect from the client to the server. It works fine, and I got no errors.


Any help/tracks would be greatly appreciated.

piir
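
An added example, not part of the original message and not Puppet's own code: a Ruby check of the two conditions a "certificate verify failed" / "unknown ca" pair concerns, namely whether a host certificate chains to the CA the peer trusts and whether the private key belongs to that certificate. All certificates, host names and CA names are constructed in memory and hypothetical; on a real host the same `audit` call would take the PEM files from $ssldir loaded with OpenSSL::X509::Certificate.new and OpenSSL::PKey.read.

```ruby
require 'openssl'

# Issue a throwaway certificate for `cn` (constructed test data, not real PKI output).
# Self-signed when no issuer is given.
def make_cert(cn, issuer_cert: nil, issuer_key: nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # value 2 means X.509 v3
  cert.serial     = rand(1..2**31)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  factory = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(factory.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Check one host's files the way a TLS peer would: does the certificate chain to
# the CA in the trust store, and does the private key belong to the certificate?
def audit(cert, key, trusted_ca)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)
  chains = store.verify(cert)
  { chains_to_ca: chains,
    verify_error: store.error_string,       # "ok" when the chain verifies
    key_matches:  cert.check_private_key(key) }
end

# Hypothetical setup: an external site CA and a second, self-generated CA.
def demo
  site_ca, site_key   = make_cert('Site CA (constructed)', ca: true)
  other_ca, other_key = make_cert('Self-generated CA (constructed)', ca: true)
  good, good_key = make_cert('master.example.test', issuer_cert: site_ca, issuer_key: site_key)
  bad, bad_key   = make_cert('master.example.test', issuer_cert: other_ca, issuer_key: other_key)
  { site_issued:  audit(good, good_key, site_ca),   # chains and key matches
    other_issued: audit(bad, bad_key, site_ca),     # signed by a CA the peer does not trust
    wrong_key:    audit(good, bad_key, site_ca) }   # right certificate, wrong private key
end

demo.each { |name, result| puts "#{name}: #{result}" } if $PROGRAM_NAME == __FILE__
```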
