On Thu, Jan 7, 2016 at 5:41 PM, Matt Zagrabelny <mzagr...@d.umn.edu> wrote:
> On Thu, Jan 7, 2016 at 5:35 PM, Peter Kristolaitis <alte...@alter3d.ca> wrote:
>> Apparently I was a little too quick on the send button. :(
>>
>> To continue my previous email:
>>
>> Does 'puppet cert list --all' show any certs at all?
>
> Yep:
>
> # puppet cert list --all
> + "puppet-client-1.example.net" (SHA256)
> A3:73:DC:89:B2:13:D4:C5:7A:58:B9:EB:7E:6A:22:1C:36:97:BD:8F:4C:AD:18:39:2E:F8:10:2C:29:36:F6:82
> + "puppet-3-7.example.net" (SHA256)
> E6:F6:7D:6C:D8:30:6C:AC:1E:B5:5D:29:E8:11:0C:CB:54:22:BA:B3:96:C1:E2:49:7A:48:CF:3E:F8:12:43:24
> (alt names: "DNS:puppet-3-7", "DNS:puppet-3-7.example.net")
>
> I don't remember what I did to get the master to accept the CSR of
> puppet-client-1 earlier, but I did have similar issues where I ran the
> client and the master didn't show any unsigned certs when running
> "puppet cert list".
>
> That was a few weeks ago. I'm just coming back to puppet 3.7 now.

Regenerating the client cert and connecting to the master seems to get
me one step further.

client:
find /var/lib/puppet/ssl -name puppet-client.example.net.pem -delete

server:
puppet cert clean puppet-client.example.net

client:
puppet agent -t --server puppet-3-7 --debug

server:
puppet cert list
  "puppet-client.example.net" (SHA256) E9:D3:10:D4:A0:0D:C7:BC:1F:FA:70:3E:DD:35:35:6C:1C:5C:D0:48:61:96:25:2F:E7:D2:DA:8F:4E:3F:24:CB
puppet cert sign puppet-client.example.net

client:
puppet agent -t --server puppet-3-7 --debug
[...]
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=unknown state: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppet-3-7.example.net]
Exiting; failed to retrieve certificate and waitforcert is disabled

Then performing the above steps, but clearing out all .pem files on
the client seemed to fix the issue.

Cheers!

-m
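
Added example, not part of the original message and not Puppet's own code: a likely cause of the "self signed certificate in certificate chain" error above, consistent with the fix of clearing every .pem file, is a CA certificate cached on the agent that no longer matches the master's CA. The script below compares the two by SHA256 fingerprint, in the same colon-separated form `puppet cert list` prints. It assumes the default Puppet 3 file names under the ssl directory shown above (certs/ca.pem on the agent, ca/ca_crt.pem on the master); the function names and the sample bytes are constructed for illustration.

```python
"""Compare an agent's cached CA certificate with the master's CA certificate."""
import base64
import hashlib
import re
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """SHA256 fingerprint of each certificate in pem_text, formatted
    AA:BB:... like the output of `puppet cert list`."""
    result = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        result.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return result


def check_agent_ca(agent_pem, master_pem):
    """Return 'match', 'stale' or 'missing' for the agent's cached CA."""
    master = fingerprints(master_pem)
    if not master:
        raise ValueError("no certificate found in the master CA file")
    agent = fingerprints(agent_pem)
    if not agent:
        return "missing"  # nothing cached; the agent fetches the CA on its next run
    return "match" if agent[0] == master[0] else "stale"


def to_pem(der):
    """Wrap raw bytes in PEM armour (used only to build constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script AGENT_CA_PEM MASTER_CA_PEM
        with open(sys.argv[1]) as a, open(sys.argv[2]) as m:
            print(check_agent_ca(a.read(), m.read()))
    else:
        # Constructed sample bytes, not real certificates.
        old_ca, new_ca = to_pem(b"constructed old CA"), to_pem(b"constructed new CA")
        print(check_agent_ca(old_ca, new_ca))  # stale
        print(check_agent_ca(new_ca, new_ca))  # match
```

A result of "stale" means the agent is validating the master against a CA it cached from an earlier setup, so re-signing the agent certificate alone will not clear the verify error.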