On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote: > Hi, > > I am trying to use my self-signed CA and certificates instead of the built-in > CA.That is what I do: > > create a self-signed CA by openssll > issue a certificate for puppet master by CA above > > then, add the private key files, ca files and pub key files into the folowing > location(use the default values) on master server: > > localcacert > hostprivkey > hostcert > hostpubkey > cacert > cakey > capub > > Finally, I run 'puppet --test' on the agent,and get the error: > > err: Could not request certificate: Retrieved certificate does not match > private key; please remove certificate from server and regenerate it with the > current key > > Is it possible to use customized CAs instead of the builtin CA?If answer is > yes, did I miss some steps for the error above? > > Sorry for my bad English. ---- your English is fine
http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional short answer, yes, the problem you are having is described in the 'err' Craig -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
