I am instead opening a new one. I realize I am making a big mess... Thanks thus far.

On Wednesday, June 13, 2012 9:24:16 PM UTC-4, tas wrote:
>
> Hi Nick and James,
>
> You want me to do that on Master? I just did. I can't do that on the
> client.
>
> Master:
>
> $ puppet master --configprint certname
> master (I am using alias name from now on... you see it is not
> puppetmaster)
> $ puppet cert clean master
> notice: Revoked certificate with serial 2
> notice: Removing file Puppet::SSL::Certificate master at
> '/var/lib/puppet/ssl/ca/signed/master.pem'
> notice: Removing file Puppet::SSL::Certificate master at
> '/var/lib/puppet/ssl/certs/master.pem'
> notice: Removing file Puppet::SSL::Key master at
> '/var/lib/puppet/ssl/private_keysmaster.pem'
>
>
> $ puppet cert generate --dns_alt_names puppetmaster master
> notice: master has a waiting certificate request
> notice: Signed certificate request for master
> notice: Removing file Puppet::SSL::CertificateRequest master at
> '/var/lib/puppet/ssl/ca/requests/master.pem'
> notice: Removing file Puppet::SSL::CertificateRequest master at
> '/var/lib/puppet/ssl/certificate_requests/master.pem'
>
>
> Now I see the following in master.pem
> X509v3 Subject Alternative Name:
> DNS:master, DNS:puppetmaster
>
> But ran the test again, and still complain not matched.
>
> Thanks.
>
>
>
> On Wednesday, June 13, 2012 5:23:32 PM UTC-4, Nick Fagerlund wrote:
>>
>>
>>
>> On Wednesday, June 13, 2012 1:26:17 PM UTC-7, repoman wrote:
>>
>>> err: Could not retrieve catalog from remote server: hostname was not
>>> match with the server certificate
>>>
>>
>> Hey, repoman,
>>
>> This is a dns_alt_names problem. (Setting info:
>> http://docs.puppetlabs.com/references/latest/configuration.html#dnsaltnames
>> )
>>
>> Short version is that the hostname you contact the puppet master at MUST
>> be included in its SSL certificate. By default, only the master's certname
>> and the special default hostname "puppet" are included. If "puppetmaster"
>> isn't the certname of your master (check by running puppet master
>> --configprint certname), you'll need to either re-generate its cert or
>> configure agents to use one of the names in its certificate.
>>
>> To view the cert and confirm that "puppetmaster" isn't in it:
>>
>> puppet cert print (whatever the master's certname is)
>>
>> To regenerate the master's cert:
>>
>> puppet cert clean (whatever the master's certname is)
>> puppet cert generate --dns_alt_names puppetmaster (whatever the master's
>> certname is)
>>
>