OS - RHEL5.7
Installation Source - epel-testing repo
Puppet server version - 2.6.6
puppetd version - 2.6.6
I searched Google and none of the answers were a match for my set up...
I can do 'puppetd --test' from the client and things work as expected.
When doing puppet kick hostname I get the following:
Triggering hostname
Host hostname failed: hostname not match with the server certificate
hostname finished with exit code 2
Failed: hostname
I have done openssl x509 -text -in /var/lib/puppet/ssl/certs/ca.pem and both
CA certs are identical.
When I do openssl x509 -text -in /var/lib/puppet/ssl/certs/<fqdn>.pem |
more I find that they are almost identical. The client show the X509v3
extensions section differently:
On the Client:
X509v3 extensions:
Netscape Comment:
Puppet Ruby/OpenSSL Generated Certificate
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EF:37:CB:9A:6C:42:11:6F:FF:DB:9B:77:DC:78:07:CA:8B:A1:7A:E1
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, E-mail Protection
On the master:
X509v3 extensions:
Netscape Comment:
Puppet Ruby/OpenSSL Generated Certificate
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
CB:07:D6:B9:37:E0:1E:C4:E1:3B:EC:53:69:4C:87:90:67:B0:49:D5
X509v3 Key Usage:
Certificate Sign, CRL Sign
The .pem files on both are called fqdn.pem. Running the hostname command
shows the fqdn of the client.
I am stuck as to why this is happening. Any help would be appreciated.
Thanks,
John
John Kennedy
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
