On Mon, 29 Nov 2010, Patrick wrote:
> > So, it seems that the puppetd client is doing something different from
> > the "openssl s_client" command used for testing. What certificate is
> > the puppetd client attempting to present, and how can I change that?
>
> Run this on the client for the config puppet is using:
> puppetd --genconfig

I use that all the time. The file names that I passed to "openssl s_client" are identical to those reported by "puppetd --genconfig".

Whether or not the clientcrl file (ca_crl.pem) exists seems to have something to do with the problem but I haven't figured out the details. If I delete that file, then the puppetd client can connect, and it downloads a fresh copy of the CRL, after which it can no longer connect. I have configured certificate_revocation=false on the server, but it nevertheless sends the CRL file to the client.

--apb (Alan Barrett)