I had the same setup issue. Go to your CA server and copy the puppet master unique certname .pem from /var/lib/puppet/ssl/{certs,private_key/ to both your puppet master workers and restart apache.
Also make sure to follow this: http://docs.puppetlabs.com/guides/scaling_multiple_masters.html The dns_alt_names part is very important: $ sudo puppet agent --test --dns_alt_names "master2.example.com,puppet,puppet.example.com" I hope it helps, I spent a few hours until I got it figured out :) Regards, Felipe On Thursday, November 29, 2012 3:31:59 AM UTC-8, Kalyana sundaram wrote: > > I have set up two puppet masters (load balanced) with a separate ca > server(ca is set false on masters). I brought up a new server for puppetDB. > It got certs signed from ca_server and ran puppet agent without any issue. > But when I started puppetdb and changed puppet master's conf to use > puppetdb(as per docs for puppetdb). This error started to come and > basically stopped puppet run > > >> Thu Nov 29 10:17:51 +0000 2012 Puppet (err): Could not retrieve catalog >> from remote server: Error 400 on SERVER: Failed to submit 'replace facts' >> command for XXX to PuppetDB at puppetdb.aus-tx.colo:8081: SSL_connect >> SYSCALL returned=5 errno=0 state=SSLv3 read finished A > > > The puppetdb log throws > > >> [qtp665563146-341] [io.nio] javax.net.ssl.SSLHandshakeException: null >> cert chain > > > I tested a https curl using command > >> curl -H "Accept: application/json" 'https://puppetdb:8081/facts' >> --cacert /var/lib/puppet/ssl/certs/ca.pem --cert >> /var/lib/puppet/ssl/certs/puppetmaster.pem --key >> /var/lib/puppet/ssl/private_keys/puppetmaster.pem > > > The curl didnt throw any error > > I am struck here for a long time. Pls do share your expertise > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0g0BjWoGEnoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.