Hi Yunfeng,

I implemented a CA that works with Puppet (including putting the right files
into the right places).

Somewhere here:
http://code.google.com/p/cloudcrv/source/browse/trunk/CRV/crv/model/centos5_puppet_clientmaker.py

You might need to dig around a bit. But most of the stuff is in this file
and the crvclient folder.

Cheers,
Yushu

+-------------------------------------------------+
| Yushu Yao
| Ph:1-510-486-4690
|
| Lawrence Berkeley National Lab
| Mailstop 50B-6222
| 1 Cyclotron Road
| Berkeley CA 94720-8147 - USA
+-------------------------------------------------+




On Tue, Sep 20, 2011 at 8:34 PM, Yunfeng Xu <hyw...@gmail.com> wrote:

> Hi, Craig
>
> I know your meaning, but it seems not to be working.
>
> These are my steps:
>
> 1. Run "puppetca --clean vmsz014" on the master to remove certificate.
> vmsz014 is the agent.
>
> 2. Rerun "puppetd --test" on the vmsz014 agent, but I still got the same
> err:
>
> err: Could not request certificate: Retrieved certificate does not match
> private key; please remove certificate from server and regenerate it with
> the current key
>
> I guess there must be something wrong that can't be simply resolved by
> removing the old certificate.
>
>
> On Tue, Sep 20, 2011 at 11:40 PM, Craig White <craig.wh...@ttiltd.com> wrote:
>
>> On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote:
>>
>> > Hi,
>> >
>> > I am trying to use my self-signed CA and certificates instead of the
>> built-in CA. That is what I do:
>> >
>> > create a self-signed CA by openssl
>> > issue a certificate for puppet master by CA above
>> >
>> > then, add the private key files, ca files and pub key files into the
>> following location (use the default values) on master server:
>> >
>> > localcacert
>> > hostprivkey
>> > hostcert
>> > hostpubkey
>> > cacert
>> > cakey
>> > capub
>> >
>> > Finally, I run 'puppet --test' on the agent, and get the error:
>> >
>> > err: Could not request certificate: Retrieved certificate does not match
>> private key; please remove certificate from server and regenerate it with
>> the current key
>> >
>> > Is it possible to use customized CAs instead of the builtin CA? If the answer
>> is yes, did I miss some steps for the error above?
>> >
>> > Sorry for my bad English.
>> ----
>> your English is fine
>>
>>
>> http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional
>>
>> short answer, yes, the problem you are having is described in the 'err'
>>
>> Craig
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
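
The error quoted in this thread is raised when the public key inside the certificate returned for the agent differs from the public key of the agent's private key. As an added example (not written by anyone in the thread and not Puppet's own tooling), this script makes that comparison with openssl and also checks a certificate against a CA file; the host name, the file names and the self-signed sample certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check whether a certificate belongs to a given private key.

# Print the SHA-256 of the public key (DER SubjectPublicKeyInfo) held in a
# certificate ($1 = cert) or derived from a private key ($1 = key); $2 = PEM file.
spki_fp() {
    pem=
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable file or wrong file type
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# $1 = certificate, $2 = private key.
# Returns 0 on match, 1 on mismatch (the condition behind the error), 2 on bad input.
check_pair() {
    c=$(spki_fp cert "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    k=$(spki_fp key "$2") || { echo "cannot read private key: $2" >&2; return 2; }
    echo "certificate public key: $c"
    echo "private key public key: $k"
    [ "$c" = "$k" ]
}

# Returns 0 if certificate $2 verifies against the CA file $1.
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Constructed sample data: two unrelated self-signed key/certificate pairs
# for a made-up host name, written to directory $1.
make_sample() {
    for n in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=agent.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.pem" >/dev/null 2>&1 || return 1
    done
}

demo() {
    d=$(mktemp -d) && make_sample "$d" || return 1
    check_pair "$d/new.pem" "$d/new.key" && echo "=> match"
    # Certificate issued for an earlier key, checked against the current key.
    check_pair "$d/old.pem" "$d/new.key" || echo "=> MISMATCH"
    rm -rf "$d"
}
demo
```

On a real installation, the arguments to `check_pair` are the certificate the master holds for the host and the agent's private key, at whatever paths `hostcert` and `hostprivkey` resolve to.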

