Re: [Puppet Users] Re: Borked Client Cert in 0.25

2010-06-28 Thread Robert Krombholz

Hi,

had the same problem a few days ago (luckily only in a test environment).
It seems that puppetca --clean ... is not enough in this case.
For me it was solved by deleting the corresponding cert from 
/etc/puppet/ssl/certs on the server  the client.


Robert

On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang
doug.garst...@gmail.com  wrote:
   

On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang
doug.garst...@gmail.com  wrote:
 

Here we go with puppet 0.25 certificate problems again.

I had a system where puppet was running fine. I reinstalled it.
Running puppet on the client causes this:

Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it
with the current key.

Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server,
who responds with:

[r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com
kick01.fr.xxx.com
notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at
'/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem'

I then rerun puppet on the client and I am getting the same error. I
must have done this hundreds of times with 0.24.8. What am I doing
wrong now?

Doug.

   

*sigh*

On the client, I removed the puppet rpm, blew away /var/lib/puppet,
and reinstalled the puppet rpm again. Started puppet, it requested a
certificate (but it logged nothing on the client about it, even in
debug mode), signed it on the server, and I am still getting this on
the client.

warning: peer certificate won't be verified in this SSL session
info: Caching certificate for kick01.fr.xxx.com
err: Could not request certificate: Retrieved certificate does not
match private key; please remove certificate from server and
regenerate it with the current key

*sigh*

 

Puppet is on crack. Even when the server isn't running, I STILL get this error!

   


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Re: Borked Client Cert in 0.25

2010-06-27 Thread Patrick Mohr

On Jun 27, 2010, at 12:50 PM, Douglas Garstang wrote:

 On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang
 doug.garst...@gmail.com wrote:
 On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang
 doug.garst...@gmail.com wrote:
 Here we go with puppet 0.25 certificate problems again.
 
 I had a system where puppet was running fine. I reinstalled it.
 Running puppet on the client causes this:
 
 Could not request certificate: Retrieved certificate does not match
 private key; please remove certificate from server and regenerate it
 with the current key.
 
 Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server,
 who responds with:
 
 [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com
 kick01.fr.xxx.com
 notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at
 '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem'
 
 I then rerun puppet on the client and I am getting the same error. I
 must have done this hundreds of times with 0.24.8. What am I doing
 wrong now?
 
 Doug.
 
 
 *sigh*
 
 On the client, I removed the puppet rpm, blew away /var/lib/puppet,
 and reinstalled the puppet rpm again. Started puppet, it requested a
 certificate (but it logged nothing on the client about it, even in
 debug mode), signed it on the server, and I am still getting this on
 the client.
 
 warning: peer certificate won't be verified in this SSL session
 info: Caching certificate for kick01.fr.xxx.com
 err: Could not request certificate: Retrieved certificate does not
 match private key; please remove certificate from server and
 regenerate it with the current key
 
 *sigh*
 
 
 Puppet is on crack. Even when the server isn't running, I STILL get this 
 error!

I think I know what the problem is.  I ran into this exact error message 
before.  Try this:

Step 1, run this on client:
service puppet stop
rm -R /var/lib/puppet

Step 2, run this on server:
puppetca --clean kick01.fr.xxx.com #Make sure to change this back

Step 3, run this on client:
#Restart the client however you like.  I recommend this for testing:
puppetd --test --verbose --debug


I'm pretty sure this will work.  If it does, I'll be happy to explain why you 
got all those different error messages.

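
Added example, not part of the original thread: a shell check for the condition behind the "Retrieved certificate does not match private key" error, comparing the public key inside a certificate with the one derived from the agent's private key. The certs/ and private_keys/ file layout under the ssldir, the host name agent.example.test and the self-signed demo certificate are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a Puppet agent's cached
# certificate still belongs to its current private key.
# Assumption: ssldir layout certs/<name>.pem and private_keys/<name>.pem.

# Print a SHA-256 fingerprint of the public key in a cert or private key file.
pubkey_digest() {  # $1 = cert|key, $2 = PEM file
    if [ "$1" = cert ]; then
        pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    else
        pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    fi
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print match | mismatch | missing | unreadable; exit status 0 only on match.
check_agent_cert() {  # $1 = ssldir, $2 = certname
    cert="$1/certs/$2.pem"; key="$1/private_keys/$2.pem"
    [ -r "$cert" ] && [ -r "$key" ] || { echo missing; return 2; }
    cert_fp=$(pubkey_digest cert "$cert") || { echo unreadable; return 2; }
    key_fp=$(pubkey_digest key "$key") || { echo unreadable; return 2; }
    [ "$cert_fp" = "$key_fp" ] && { echo match; return 0; }
    echo mismatch; return 1
}

# Constructed sample data: a throwaway ssldir whose cert matches its key.
# A self-signed cert stands in for the CA-signed one; only the key pairing matters.
make_demo_ssldir() {
    d=$(mktemp -d) && mkdir "$d/certs" "$d/private_keys" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=agent.example.test" \
        -keyout "$d/private_keys/agent.example.test.pem" \
        -out "$d/certs/agent.example.test.pem" >/dev/null 2>&1 || return 1
    echo "$d"
}

# Simulate the reinstall from the thread: new private key, old cert left behind.
reinstall_agent_key() {  # $1 = ssldir, $2 = certname
    openssl genrsa -out "$1/private_keys/$2.pem" 2048 >/dev/null 2>&1
}

demo=$(make_demo_ssldir) || exit 1
echo "before reinstall: $(check_agent_cert "$demo" agent.example.test)"
reinstall_agent_key "$demo" agent.example.test
echo "after reinstall:  $(check_agent_cert "$demo" agent.example.test)"
rm -rf "$demo"
```

Pointed at a real agent's ssldir, a "mismatch" verdict identifies a certificate issued for an earlier key, which is the one that has to be removed before the agent requests a new certificate.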