On Jul 22, 2010, at 12:20 PM, David Dyer-Bennet wrote:

>
> On Thu, July 22, 2010 12:27, Patrick Mohr wrote:
>> The hostname the client connects to, must match the name on the server's
>> certificate.
>
> I believe I have that right.
>
> On the server,
>
> [r...@wrkapp00 ddb]# hostname
> wrkapp00.esteemedemployer.local
> [r...@wrkapp00 ddb]# puppetca --all --list
> + wrkapp00.esteemedemployer.local
>
> The only certificate is its own, and that's in the name I expect.
>
> On the client,
>
> [r...@prc-mn-lnx01 ~]# puppetd --server wrkapp00.esteemedemployer.local
> --waitforcert 60 --test
> notice: Ignoring --listen on onetime run
> err: Could not retrieve catalog from remote server: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> (Ping from the client shows the name is resolving to the IP I expect it
> to; that it's actually talking to the server I checked certificate names
> on.)

That's strange. Are you running puppet under Passenger or Mongrel? If you don't know, the answer is probably no.

What does this command give you on the server?
puppetmasterd --genconfig | grep "certname "

What does this command give you on the client?
puppetd --genconfig | grep "certname "

What's in /var/lib/puppet/ssl on the client and server?

Does /var/lib/puppet/ssl/certs/ca.pem on the client and server match?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
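
The ca.pem comparison asked about above, as an added example that is not part of the original message: it compares the two CA files by SHA-256 fingerprint and then checks that the master's certificate verifies against the client's copy. The function names, the throwaway CAs and the host name master.example.test are constructed for the illustration and assume the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example. All CAs and certificates below are constructed in a temp
# directory; the names are placeholders, not values from the thread.

# SHA-256 fingerprint of the certificate in a PEM file.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Succeeds if certificate $2 verifies against the CA file $1. The output is
# matched because older OpenSSL releases exit 0 even when verification fails.
chains_to() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

# Compare the client's and the master's ca.pem, then check the master's
# certificate against the client's copy. Prints a one-word diagnosis.
diagnose() {   # usage: diagnose CLIENT_CA MASTER_CA MASTER_CERT
    if [ "$(cert_fp "$1")" != "$(cert_fp "$2")" ]; then
        echo "ca-mismatch"
    elif ! chains_to "$1" "$3"; then
        echo "not-signed-by-ca"
    else
        echo "ok"
    fi
}

# Create a throwaway self-signed CA: make_ca DIR NAME
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Build the constructed fixture: two unrelated CAs and a master certificate
# signed by the first one. Sets FIX to the directory holding the files.
build_fixture() {
    FIX=$(mktemp -d)
    make_ca "$FIX" master-ca && make_ca "$FIX" stale-ca
    openssl req -newkey rsa:2048 -nodes -subj "/CN=master.example.test" \
        -keyout "$FIX/master.key" -out "$FIX/master.csr" 2>/dev/null
    openssl x509 -req -in "$FIX/master.csr" -days 1 -CA "$FIX/master-ca.pem" \
        -CAkey "$FIX/master-ca.key" -CAcreateserial -out "$FIX/master.pem" 2>/dev/null
}

build_fixture
# Client holds the same CA as the master: verification succeeds.
diagnose "$FIX/master-ca.pem" "$FIX/master-ca.pem" "$FIX/master.pem"
# Client holds a CA from a different master: one state that produces
# "certificate verify failed" on the client.
diagnose "$FIX/stale-ca.pem" "$FIX/master-ca.pem" "$FIX/master.pem"
```

On real hosts, copy the client's and the master's ca.pem plus the master's own certificate to one machine and pass the three paths to diagnose instead of the fixture files.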