Hello readers, I have this little issue that my puppet client refuses to do anything because of SSL validation errors. Maybe I'll just post dump of what happens, that makes it clear I hope. Does anyone have a suggestion why that might happen? what I already checked:
On the master: - Puppet and puppetmaster is running - Something is listening on Port 8140 (although I cannot telnet-connect to it, it closes immediately for whatever reason) - in /var/lib/puppet/ssl: find . -type f -delete On the client: - in /var/lib/puppet/ssl: find . -type f -delete I would appreciate any help that's available ... thanks & greetings! Axel. ... and now the little dump: (CLIENT) *root@l1311022:/var/lib/puppet/ssl$* *puppet agent --test* info: Creating a new SSL key for l1311022.our.domain.de warning: peer certificate won't be verified in this SSL session (2x) info: Creating a new SSL certificate request for l1311022.our.domain.de info: Certificate Request fingerprint (md5): 19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E warning: peer certificate won't be verified in this SSL session (3x) Exiting; no certificate found and waitforcert is disabled (SERVER) *l1215022:/var/lib/puppet/ssl # pca -l* notice: Signed certificate request for ca notice: Rebuilding inventory file l1311022.our.domain.de (19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E) *l1215022:/var/lib/puppet/ssl # pca -s --all* notice: Signed certificate request for l1311022.our.domain.de notice: Removing file Puppet::SSL::CertificateRequest l1311022.our.domain.de at '/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem' l1215022:/var/lib/puppet/ssl # (CLIENT) *root@l1311022:/var/lib/puppet/ssl$ puppet agent --test* warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session info: Caching certificate for l1311022.our.domain.de info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed The config files look like this: (CLIENT) [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = /var/lib/puppet/ssl modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules [agent] certname = l1311022.our.domain.de server = l1215022.our.domain.de report = true graph = true pluginsync = true classfile = $vardir/classes.txt localconfig = $vardir/localconfig (SERVER) [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = /var/lib/puppet/ssl certname = l1215022.our.domain.de [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ToaPaY7mtgwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.