Ahh, those lines are different. The ones I have point to /etc/puppet/ssl.... Yep, the cert you've just pointed to look like they match what I'm getting from WebBrick.
On Sunday, 23 March 2014 01:59:50 UTC+8, Spencer Krum wrote: > > You should have several lines in your apache vhost pointing to specific > ssl certs. Can you verify that all these paths are correct? > > Specifically the lines beginning with SSL in > http://docs.puppetlabs.com/guides/passenger.html#create-and-enable-the-puppet-master-vhost > > > On Sat, Mar 22, 2014 at 7:51 AM, Tom Hallam <thalla...@gmail.com> wrote: > >> Hi All >> >> >> I've been running Puppet using the build in web server and I'm now moving >> to Apache and Passenger. I've completed the installation and started >> testing. If I run >> >> >> puppet agent --test --noop >> >> >> I get the following error (domain removed) >> >> >> Warning: Unable to fetch my node definition, but the agent run will >> continue: >> >> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server >> certificate B: certificate verify failed: [certificate signature failure >> for /CN=ecm-rhl-001...] >> >> Info: Retrieving plugin >> >> Error: /File[/var/lib/puppet/lib]: Failed to generate additional >> resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 >> read server certificate B: certificate verify failed: [certificate >> signature failure for /CN=ecm-rhl-001...] >> >> Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect >> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >> verify failed: [certificate signature failure for /CN=ecm-rhl-001....] >> Could not retrieve file metadata for puppet://puppet..../plugins: >> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: >> certificate verify failed: [certificate signature failure for >> /CN=ecm-rhl-001...] >> >> Error: Could not retrieve catalog from remote server: SSL_connect >> returned=1 errno=0 state=SSLv3 read server certificate B: certificate >> verify failed: [certificate signature failure for /CN=ecm-rhl-001...] >> >> Warning: Not using cache on failed catalog >> >> Error: Could not retrieve catalog; skipping run >> >> Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 >> read server certificate B: certificate verify failed: [certificate >> signature failure for /CN=ecm-rhl-001...] >> >> If I turn apache off and the built in webserver back on it all works. >> >> >> The server I'm running puppet on server that has a CNAME "puppet...." >> that points to its real name "ecm-rhl-001...". Apache site is configured >> with "ecm-rhl-001..." as the servername and "puppet..." as server >> alias. The system returns 'ecm-rhl-001' for hostname and >> 'ecm-rhl-001....' for hostname -f. The certificate has "ecm-rhl-001..." >> as its CN and "puppet..." as one of its "alt names". Obviously the cert is >> OK as it works with the built in webserver. It looks like I'm missing >> something in the apache SSL or Passenger configuration but I have no idea >> what. >> >> >> I've tried various permutations of servername and serveralias without >> success. Changing the server name in the agent configuration so it users >> the real name instead of the CNAME also does not fix the issue. >> >> >> Any suggestions? >> >> >> Tom >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/f21d077a-14f8-4712-a0d6-8e8bfeb0652a%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/f21d077a-14f8-4712-a0d6-8e8bfeb0652a%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Spencer Krum > (619)-980-7820 > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3c30c2ee-e5de-4dce-b7e4-e434f9ed2880%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
