On Mon, Feb 14, 2011 at 11:19 PM, mark risher <mris...@impermium.com> wrote: > Thanks for the suggestion. I set the /etc/host but that doesn't appear > any different from specifying --server xyz on the command line; my > client definitely seems to reach the server but still no certificate > is issued and the manifest file doesn't get downloaded: > > > --- CLIENT > mrisher@events1001:~$ sudo vi /etc/hosts > mrisher@events1001:~$ puppetd --test > warning: peer certificate won't be verified in this SSL session > warning: peer certificate won't be verified in this SSL session > warning: peer certificate won't be verified in this SSL session > Exiting; no certificate found and waitforcert is disabled > mrisher@events1001:~$ puppetd --test --waitforcert 60 > warning: peer certificate won't be verified in this SSL session > warning: peer certificate won't be verified in this SSL session > warning: peer certificate won't be verified in this SSL session > warning: peer certificate won't be verified in this SSL session > notice: Did not receive certificate > > > --- SERVER > mrisher@lab2:~$ puppetca --list > > mrisher@lab2:~$ sudo puppetca --list > > mrisher@lab2:~$
It really feels like the puppetca command is using a different ssldir configuration setting than the puppet master process is. Could you check puppetca --configprint ssldir and compare that with the ssldir setting being used by the puppet master process? Are you running in Passenger or some other setup? > I feel like I must be missing something really obvious. Is there a way > to telnet directly to the puppetmaster and issue a test that way? When > I telnet to port 8140 it immediately hangs up. This is because SSL is being used and your client isn't starting the handshake. Unfortunately there's not an easy way to test things without getting past the SSL layer, which is what you're having trouble with. Also, try pupeptca --list --all and see what certificates the CA _has_ signed. Hope this helps, -- Jeff McCune http://www.puppetlabs.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
