FAQ
Hi Friends,

I am trying to run puppet with apache on Centos 6.2. 64-bit (with
selinux off) but it seems apache is refusing to read the pem file of
puppet. Below are the errors I am getting in the apache logs.
Puppetmaster is working fine without Apache. The same setup is working
fine with (Puppet + Apache) in another office . What could be the
problem that apache is not able to read the files.


Fri Jun 08 02:06:37 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:40 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:40 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:06:53 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:06:53 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:21:12 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:21:12 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:27:26 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:27:26 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
[Fri Jun 08 02:31:06 2012] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jun 08 02:31:06 2012] [error] Init: Unable to read server
certificate from file
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error
^C


puppet.conf

Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCertificateFile /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can
try disabling
# CRL checking by commenting the next line, but this is not recommended.
# SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# Set to require if this puppetmaster doesn't issue certificates
# to puppet clients.
# NB: this requires SSLCACertificateFile to include the CA cert
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars

# Passenger options that can be set in a virtual host
# configuration block.
PassengerHighPerformance on
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on
RackAutoDetect Off
RailsAutoDetect Off
RackBaseURI /
PassengerMaxRequests 10000
DocumentRoot /etc/puppet/rack/public


<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Jo Rhett at Jun 8, 2012 at 4:37 pm
    Check ownership of config.ru. Passenger runs based on the owner of that file.
    On Jun 8, 2012, at 1:40 AM, ankush grover wrote:
    Hi Friends,

    I am trying to run puppet with apache on Centos 6.2. 64-bit (with
    selinux off) but it seems apache is refusing to read the pem file of
    puppet. Below are the errors I am getting in the apache logs.
    Puppetmaster is working fine without Apache. The same setup is working
    fine with (Puppet + Apache) in another office . What could be the
    problem that apache is not able to read the files.


    Fri Jun 08 02:06:37 2012] [error] Init: Unable to read server
    certificate from file
    /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    [Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218529960
    error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Jun 08 02:06:37 2012] [error] SSL Library Error: 218595386
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
    error
    [Fri Jun 08 02:06:40 2012] [notice] suEXEC mechanism enabled (wrapper:
    /usr/sbin/suexec)
    [Fri Jun 08 02:06:40 2012] [error] Init: Unable to read server
    certificate from file
    /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    [Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218529960
    error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Jun 08 02:06:40 2012] [error] SSL Library Error: 218595386
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
    error
    [Fri Jun 08 02:06:53 2012] [notice] suEXEC mechanism enabled (wrapper:
    /usr/sbin/suexec)
    [Fri Jun 08 02:06:53 2012] [error] Init: Unable to read server
    certificate from file
    /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    [Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218529960
    error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Jun 08 02:06:53 2012] [error] SSL Library Error: 218595386
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
    error
    [Fri Jun 08 02:21:12 2012] [notice] suEXEC mechanism enabled (wrapper:
    /usr/sbin/suexec)
    [Fri Jun 08 02:21:12 2012] [error] Init: Unable to read server
    certificate from file
    /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    [Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218529960
    error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Jun 08 02:21:12 2012] [error] SSL Library Error: 218595386
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
    error
    [Fri Jun 08 02:27:26 2012] [notice] suEXEC mechanism enabled (wrapper:
    /usr/sbin/suexec)
    [Fri Jun 08 02:27:26 2012] [error] Init: Unable to read server
    certificate from file
    /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    [Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218529960
    error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Jun 08 02:27:26 2012] [error] SSL Library Error: 218595386
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
    error
    [Fri Jun 08 02:31:06 2012] [notice] suEXEC mechanism enabled (wrapper:
    /usr/sbin/suexec)
    [Fri Jun 08 02:31:06 2012] [error] Init: Unable to read server
    certificate from file
    /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    [Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218529960
    error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Jun 08 02:31:06 2012] [error] SSL Library Error: 218595386
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
    error
    ^C


    puppet.conf

    Listen 8140
    <VirtualHost *:8140>
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    SSLCertificateKeyFile
    /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    SSLCertificateFile /var/lib/puppet/ssl/private_keys/ezepuppet.synapse.ar.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can
    try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    # SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    # Set to require if this puppetmaster doesn't issue certificates
    # to puppet clients.
    # NB: this requires SSLCACertificateFile to include the CA cert
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    # Passenger options that can be set in a virtual host
    # configuration block.
    PassengerHighPerformance on
    PassengerStatThrottleRate 120
    PassengerUseGlobalQueue on
    RackAutoDetect Off
    RailsAutoDetect Off
    RackBaseURI /
    PassengerMaxRequests 10000
    DocumentRoot /etc/puppet/rack/public


    <Directory /etc/puppet/rack/>
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    </VirtualHost>

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
    --
    Jo Rhett
    Net Consonance : net philanthropy to improve open source and internet projects.



    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Sans at Jun 8, 2012 at 11:47 pm
    I don't wanna hijack the thread but I'm also having almost the same issue.
    For me httpd/passenger starts just fine but puppetmaster doesn't start
    until I start it manually using puppetmasterd on the box. These are in the
    httpd_error log:


    [Fri Jun 08 19:24:06 2012] [notice] suEXEC mechanism enabled (wrapper:
    /usr/sbin/suexec)
    [Fri Jun 08 19:24:06 2012] [notice] Digest: generating secret for digest
    authentication ...
    [Fri Jun 08 19:24:06 2012] [notice] Digest: done
    [Fri Jun 08 19:24:07 2012] [notice] Apache/2.2.15 (Unix) DAV/2
    Phusion_Passenger/3.0.12 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured --
    resuming normal operations
    Is it related? Cheers!!

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FALCmGVaxmgJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Ankush grover at Jun 12, 2012 at 5:21 am
    Please check ownership of config.ru and also check whether there is
    entry for puppet in /etc/hosts file.
    On Sat, Jun 9, 2012 at 5:17 AM, Sans wrote:
    I don't wanna hijack the thread but I'm also having almost the same issue.
    For me httpd/passenger starts just fine but puppetmaster doesn't start until
    I start it manually using puppetmasterd on the box. These are in the
    httpd_error log:

    [Fri Jun 08 19:24:06 2012] [notice] suEXEC mechanism enabled (wrapper:
    /usr/sbin/suexec)
    [Fri Jun 08 19:24:06 2012] [notice] Digest: generating secret for digest
    authentication ...
    [Fri Jun 08 19:24:06 2012] [notice] Digest: done
    [Fri Jun 08 19:24:07 2012] [notice] Apache/2.2.15 (Unix) DAV/2
    Phusion_Passenger/3.0.12 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured --
    resuming normal operations

    Is it related? Cheers!!

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To view this discussion on the web visit
    https://groups.google.com/d/msg/puppet-users/-/FALCmGVaxmgJ.

    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJun 8, '12 at 8:40a
activeJun 12, '12 at 5:21a
posts4
users3
websitepuppetlabs.com

3 users in discussion

Ankush grover: 2 posts Jo Rhett: 1 post Sans: 1 post

People

Translate

site design / logo © 2022 Grokbase