On Thu, Jun 14, 2012 at 4:29 PM, Jakov Sosic <[email protected]> wrote: > I have a problem with puppet on a machine which has public and private > IP address. My nodes are on private lan, and hostname of master is FQDN > of the public IP. > > Client's just cannot connect. Problem which I get is: > > err: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed > > > I've added > PUPPETMASTER_EXTRA_OPTS=--server=10.0.0.2 > > to the /etc/sysconfig/puppetmaster, but there is no help. > > I've added: > > 10.0.0.2 puppet > > to the hosts on both master and slaves, and again no help. >
The name the agent uses to contact the master must be listed in the master certificate's Subject or Alt Names field. puppet is a name that is in the alt names field. If you add 10.0.0.2 puppet to the hosts file on the agents, then you need to make sure "puppet" is the name the agent uses to contact the master. Try adding server=puppet to the agent's puppet.conf and it should work. -Jeff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
