FAQ
I'm trying to get puppet to connect to my puppetmaster, but I keep getting
the same error.

err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed

I've made sure ntpd is running during the kickstart and that the times are
the same on both machines. I've also ran puppet cert --clean --all on the
puppetmaster. I have the puppetmaster set to autosign all certs.

Any ideas what I'm missing? Everything I've found says to make sure the
clocks are the same, which I've already done. I did see one post talking
about an issue with Ruby 1.9.2, but I'm running 1.8.7.

Thanks.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Ashish Jaiswal at Aug 28, 2012 at 4:19 pm
    Hi,,

    Have you tried deleting the existing directory of master and agent..
    rm -frv /var/lib/puppet/ssl

    Try this and see if this work!!

    Regards,
    Ashish Jaiswal
    On Aug 28, 2012 8:58 PM, "Bai Shen" wrote:

    I'm trying to get puppet to connect to my puppetmaster, but I keep getting
    the same error.

    err: Could not retrieve catalog from remote server: SSL_connect returned=1
    errno=0 state=SSLv3 read server certificate B: certificate verify failed

    I've made sure ntpd is running during the kickstart and that the times are
    the same on both machines. I've also ran puppet cert --clean --all on the
    puppetmaster. I have the puppetmaster set to autosign all certs.

    Any ideas what I'm missing? Everything I've found says to make sure the
    clocks are the same, which I've already done. I did see one post talking
    about an issue with Ruby 1.9.2, but I'm running 1.8.7.

    Thanks.

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Bai Shen at Aug 28, 2012 at 5:25 pm
    That didn't seem to help. I got some weird errors about the certs not
    being able to be signed. I was finally able to get one test run, but after
    that it went back to giving me the same error.

    Any other suggestions?
    On Tue, Aug 28, 2012 at 12:18 PM, Ashish Jaiswal wrote:

    Hi,,

    Have you tried deleting the existing directory of master and agent..
    rm -frv /var/lib/puppet/ssl

    Try this and see if this work!!

    Regards,
    Ashish Jaiswal
    On Aug 28, 2012 8:58 PM, "Bai Shen" wrote:

    I'm trying to get puppet to connect to my puppetmaster, but I keep
    getting the same error.

    err: Could not retrieve catalog from remote server: SSL_connect
    returned=1 errno=0 state=SSLv3 read server certificate B: certificate
    verify failed

    I've made sure ntpd is running during the kickstart and that the times
    are the same on both machines. I've also ran puppet cert --clean --all on
    the puppetmaster. I have the puppetmaster set to autosign all certs.

    Any ideas what I'm missing? Everything I've found says to make sure the
    clocks are the same, which I've already done. I did see one post talking
    about an issue with Ruby 1.9.2, but I'm running 1.8.7.

    Thanks.

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Ashish at Aug 28, 2012 at 6:37 pm
    Hi,

    You sure, cos it seem to be really ugly certificate issue

    openssl x509 -text -noout -in
    /var/lib/puppet/ssl/certs/hostname.tld.pem | grep -A2 Validity

    Can you check the time period of your certificate.. and compare it with
    master one.
    if it is same, then something serious is happening

    Regards,
    System Admin
    Ashish Jaiswal
    On Tuesday 28 August 2012 10:55:14 PM IST, Bai Shen wrote:
    That didn't seem to help. I got some weird errors about the certs not
    being able to be signed. I was finally able to get one test run, but
    after that it went back to giving me the same error.

    Any other suggestions?

    On Tue, Aug 28, 2012 at 12:18 PM, Ashish Jaiswal wrote:

    Hi,,

    Have you tried deleting the existing directory of master and agent..
    rm -frv /var/lib/puppet/ssl

    Try this and see if this work!!

    Regards,
    Ashish Jaiswal

    On Aug 28, 2012 8:58 PM, "Bai Shen" wrote:

    I'm trying to get puppet to connect to my puppetmaster, but I
    keep getting the same error.

    err: Could not retrieve catalog from remote server:
    SSL_connect returned=1 errno=0 state=SSLv3 read server
    certificate B: certificate verify failed

    I've made sure ntpd is running during the kickstart and that
    the times are the same on both machines. I've also ran puppet
    cert --clean --all on the puppetmaster. I have the
    puppetmaster set to autosign all certs.

    Any ideas what I'm missing? Everything I've found says to
    make sure the clocks are the same, which I've already done. I
    did see one post talking about an issue with Ruby 1.9.2, but
    I'm running 1.8.7.

    Thanks.

    --
    You received this message because you are subscribed to the
    Google Groups "Puppet Users" group.
    To post to this group, send email to
    puppet-users@googlegroups.com
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.

    --
    You received this message because you are subscribed to the Google
    Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.


    --
    You received this message because you are subscribed to the Google
    Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedAug 28, '12 at 3:28p
activeAug 28, '12 at 6:37p
posts4
users2
websitepuppetlabs.com

2 users in discussion

Ashish: 2 posts Bai Shen: 2 posts

People

Translate

site design / logo © 2022 Grokbase