I have just installed a puppet master 3.0.1 under Debian 6.0 Squeeze. As soon as I have installed puppet ca list --all works ok:
# puppet ca list --all + master1.domain (SHA256) AB:E1:EE:F5:9C:C7:F5:4F:37:76:A0:AB:93:60:9A:E9:69:58:12:A6:37:4E:29:CD:7C:B7:A1:07:80:3B:13:47 and I "puppet agent -t" from self mater1.domain and all worked ok. The signature of the first node showed the certificate ( I had not seen this at previous puppet versions). # puppet ca list agent1.domain (MD5) F9:88:19:CF:82:84:AD:AE:F8:EC:0B:A3:04:E8:65:CC # puppet ca sign agent1.domain Signed certificate request for agent1.domain Removing file Puppet::SSL::CertificateRequest agent1.domain at '/var/lib/puppet/ssl/ca/requests/agent1.domain.pem' "-----BEGIN CERTIFICATE-----\nMIID2TCCAcGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB1QdXBw\nZXQgQ0E6IGN1dHRlci5yb290d2F5LmNvbTAeFw0xMjEyMDUyMTA2MTdaFw0xNzEy\nMDUyMTA2MTdaMB4xHDAaBgNVBAMME3Rlc3Rhd3Mucm9vdHdheS5jb20wgZ8wDQYJ\nKoZIhvcNAQEBBQADgY0AMIGJAoGBALggbp23HqJJvloI7WHH/EMMBj1W5JS3ctNn\n82Z66HTnwe6pbNw4l654nNJWsdxgIc6Bia23DoQejUmNrQ9nKN+63JK7lXQ//88k\nt19ixI6dMst/p1B7LGUBH1CE542/5MifU70+mOIdTfUzRTra9C0CuoyAh6LeLPNj\nu7Ov6d5jAgMBAAGjgZswgZgwDAYDVR0TAQH/BAIwADA3BglghkgBhvhCAQ0EKhYo\nUHVwcGV0IFJ1YnkvT3BlblNTTCBJbnRlcm5hbCBDZXJ0aWZpY2F0ZTAOBgNVHQ8B\nAf8EBAMCBaAwHQYDVR0OBBYEFEqIAYrvXq1/SB4SCcvqQ/xkbtFQMCAGA1UdJQEB\n/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEAdmDO\n5N4pq73lu6FLagVBwDFgw0813EHj1uBodkYtm7Lg3PaxLhTepn+gZF4vXQbLJTO3\njCpAxj3jsuiuGiYUscV2VGnRBVX5LrFdugg1R14XfSHmBSin8YhhkdKD8F8xP/Pl\ncNCRVOOl8+as+SjvtXpF/5EoAxsEi/aBRET/HM3EEPPEweeRuT5S6R1XSRSGUX7g\nQpSQw1D3M12FYYHTbWSA8kQX6B/KCgeHTzHsPPEbqtS2fsfFHzKYvLNzbf2IAvJL\ncAobf+IQkqgdNTehTftx/DWRkahIGN7Joaza19e45z8f IsqOROx74HaZTxZN7WDu\ns+7XrNt0kvsaVcW/ro/8chheIpeHXkrerPPcZA+ToPR3uN+O/OFkzxVbFMcCYwKr\nag1GgnWRH8TSMatMbqeqJjsUGaEDxaYG+7UigUEzvSvohalNC18yKHnX+hhB9QF0\nDr2fSvYbF8TCTEqckZC4O3JNYLqqV7n2dZ5eo/e/9d/MYzzfRUSyWtL05yCY6II5\nAuD3X1ZvzWUJUY1tVmqO7PyzV/LwBxB/25sfXVKyn0pffkP0WtkycgQtarRxLmLw\nibIbZg7QunADecve+nTk/3KMAwbBRRaoO2wVEdcm0BqLDvRGRNcR+P4kjz0eZ/FQ\nHLyd1G25T/bdL9RFkqXVXHMAQOf8PKT1jNdZBm0=\n-----END CERTIFICATE-----\n" After that I was unable to list --all again: # puppet ca list --all Error: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: 47:86:DF:83:53:A3:14:AB:C6:9B:B6:2A:30:A3:61:DB:DC:17:7A:40:CA:AC:33:12:BB:67:07:9F:2A:77:DA:CF To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean master1.domain On the agent: rm -f /var/lib/puppet/ssl/certs/master1.domain.pem puppet agent -t I have complete remove /var/lib/puppet/ssl and recreate all certificates with THE SAME steps and error. Suggestions? --- Rodolfo Pilas http://www.pilas.net @ysidorito -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
