On 12/06/2010 09:13 PM, Kikanny wrote: > Whenever I try to connect to the master from the client, I get the > following error: > > Could not retrieve catalog from remote server: SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify > failed > > I tried google and most of the results say the problem is due the > difference in clock between the server and client. However, my server > and client have the same date and time. Here are extra details about > my setup. > > Server: > hostname - puppetmaster > domainname - does not have a domain > fqdn - puppetmaster > > Client: > hostname - puppetclient > domainname - localdomain > fqdn - puppetclient.localdomain > > I have puppetclient and its ip address in the master's /etc/hosts > file. I also have puppetmaster and its ip address in the client's /etc/ > hosts file. I use "puppetd --debug --server puppetmaster" on the > client to connect to the server. The first time it connects, it > requests a certificate from the server. I then use puppetca to sign > the certificate on the master. I get the error after doing that step. > I'm completely clueless. I've tried all sorts of permutations and > cannot get it to work. I guess somewhere, my certificates are getting > screwed up or could it also be because my server does not have a > domain name? But that is one of the requirements. Any help would be > appreciated! Thanks! >
I remember similar nightmares. Have you tried certname options on the client node? I.e., puppetd --test --certname=<name> or adding it to puppet.conf? Otherwise, try openssl s_client and connect to the puppetmaster port to see the server certificate. Diff against your cached cert, see if the names are correct etc. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
