On Sat, Nov 13, 2010 at 7:56 PM, David Birdsong <david.birds...@gmail.com> wrote: > On Sat, Nov 13, 2010 at 3:19 PM, Marek Dohojda <chro...@gmail.com> wrote: >> First thing I would check is time, to make sure that your manager and host >> are synched. >> > makes sense, i didn't think of this earlier, but alas i've synced them > (they were off by ~18 seconds) and still getting the exact same error. > > err: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed >
The agent couldn't reverse resolve itself. We use /etc/hosts, so I updated the agent machine's /etc/hosts and it now works. > >> >> -------------------------------------------------- >> From: "David Birdsong" <david.birds...@gmail.com> >> Sent: Saturday, November 13, 2010 2:49 PM >> To: <puppet-users@googlegroups.com> >> Subject: [Puppet Users] certificate verify failed >> >>> I am banging my head against the wall for recently built hosts that >>> are unable to verify the server's certs. The usual is not working. >>> >>> on the puppet agent machine: >>> find /var/lib/puppet/ssl -type f -delete >>> >>> on puppet master: >>> puppetca --clean <new_host_cert> >>> >>> on agent: >>> puppetd --server puppet --waitforcert 2 --no-daemonize -d -o >>> >>> on puppet master: >>> puppetca --sign <new_host_cert> >>> >>> after signing the cert, this is what client shows: >>> err: Could not retrieve catalog from remote server: SSL_connect >>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >>> verify failed >>> >>> I'm signing the cert that shows up on the master via puppet --list, >>> simply copying and pasting. >>> >>> the usual steps work on all other existing hosts, but this host >>> refuses to verify the cert. is it the server cert that's invalid? >>> any help much appreciated. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To post to this group, send email to puppet-us...@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
