On Thu, Jun 14, 2012 at 3:13 PM, Nan Liu wrote:
> So normally for a self-signed CA the issuer and subject are the same. In
> this case you are issuing the certs via:
> CN=Puppet CA: top-level-master.domain
>
> However you are asking the system to verify against a CA cert that
> presents the subject as:
> CN=Puppet CA: nlvmjt036.nwideweb.net

Well that's what I get for trying to sanitize the output before
posting to the list. nlvmjt036 is the name of my top-level master.

> So can you locate your CA cert with the subject?
> Subject: CN=Puppet CA: top-level-master.domain

On my top-level master:
# diff -s /var/lib/puppet/ssl/ca/ca_crt.pem /var/lib/puppet/ssl/certs/ca.pem
Files /var/lib/puppet/ssl/ca/ca_crt.pem and
/var/lib/puppet/ssl/certs/ca.pem are identical

As mentioned previously, the top-level master's
/var/lib/puppet/ssl/certs/ca.pem file is identical to the subordinate
master's /var/lib/puppet/ssl/certs/ca.pem file.
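
The issuer/subject check discussed in this message, as an added example that is not part of the original thread: it compares a certificate's issuer DN with a CA certificate's subject DN and then verifies the signature. It goes one step beyond the thread by also covering a CA regenerated under the same name, where the DNs match but verification still fails. The function names, file names and the example.test hosts are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: all certificates below are throwaway ones constructed for the demo.

# dn FIELD FILE -> print the issuer or subject DN in RFC 2253 form
dn() {
    openssl x509 -noout -nameopt RFC2253 "-$1" -in "$2" | sed "s/^$1= *//"
}

# check_chain CA_CERT CERT
# returns 0: issuer DN matches the CA subject DN and the signature verifies
#         1: issuer DN differs from the CA subject DN
#         2: DNs match but verification fails (CA cert carries a different key)
check_chain() {
    issuer=$(dn issuer "$2")
    subject=$(dn subject "$1")
    echo "cert issuer: $issuer"
    echo "CA subject : $subject"
    [ "$issuer" = "$subject" ] || return 1
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 2
    return 0
}

# make_ca NAME CN -> NAME.key and a self-signed NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# build_demo DIR -> three constructed CAs and one agent cert signed by ca_a
build_demo() {
    ( cd "$1" &&
      make_ca ca_a "Puppet CA: master-a.example.test" &&
      make_ca ca_b "Puppet CA: master-b.example.test" &&
      make_ca ca_a_regen "Puppet CA: master-a.example.test" &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=agent.example.test" \
          -keyout agent.key -out agent.csr 2>/dev/null &&
      openssl x509 -req -in agent.csr -CA ca_a.pem -CAkey ca_a.key \
          -CAcreateserial -days 1 -out agent.pem 2>/dev/null )
}

# Demo run: check the agent cert against each of the three CA certs.
demo=$(mktemp -d) && build_demo "$demo"
for ca in ca_a ca_b ca_a_regen; do
    check_chain "$demo/$ca.pem" "$demo/agent.pem"; echo "$ca -> $?"
done
```

A result of 2 is the case a subject comparison cannot catch: the CA file on disk has the expected name but was generated with a different key than the one that signed the certificate.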

