Hi, Craig I know your meaning,but it seems not working.
These are my steps: 1. Run "puppetca --clean vmsz014" on the master to remove certificate. vmsz014 is the agent. 2. Rerun " puppetd --test" on the vmsz014 agent, but I still got the same err: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key I guess there must be something wrong that can't be simply resolved by removing the old certificate. On Tue, Sep 20, 2011 at 11:40 PM, Craig White <craig.wh...@ttiltd.com>wrote: > On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote: > > > Hi, > > > > I am trying to use my self-signed CA and certificates instead of the > built-in CA.That is what I do: > > > > create a self-signed CA by openssll > > issue a certificate for puppet master by CA above > > > > then, add the private key files, ca files and pub key files into the > folowing location(use the default values) on master server: > > > > localcacert > > hostprivkey > > hostcert > > hostpubkey > > cacert > > cakey > > capub > > > > Finally, I run 'puppet --test' on the agent,and get the error: > > > > err: Could not request certificate: Retrieved certificate does not match > private key; please remove certificate from server and regenerate it with > the current key > > > > Is it possible to use customized CAs instead of the builtin CA?If answer > is yes, did I miss some steps for the error above? > > > > Sorry for my bad English. > ---- > your English is fine > > > http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional > > short answer, yes, the problem you are having is described in the 'err' > > Craig > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
