FAQ
Hello,

Have a fully working setup with mostly Linux clients running on a 2.7.x
master all is good.

Trying to join Solaris clients to this master yields:-
info: Creating a new SSL key for <FQDN>
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for <FQDN>
info: Certificate Request fingerprint (md5):
7D:9C:6E:49:BB:19:06:F8:4C:4D:78:1D:C1:EF:0F:84
warning: peer certificate won't be verified in this SSL session
debug: Using cached certificate for ca
warning: peer certificate won't be verified in this SSL session
err: Could not request certificate: time out of range

NTP is running fine on both machines and the time is in sync.

# date
Wed Feb 27 08:04:36 GMT 2013

This is on the client which is the same as all the rest of the Linux
clients.
# openssl x509 -text -in /etc/puppet/ssl/certs/ca.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Puppet CA: <PUPPETMASTER-FQDN>
Validity
Not Before: Dec 28 11:11:33 2011 GMT
Not After : Dec 27 11:11:33 2016 GMT
Subject: CN=Puppet CA: <PUPPETMASTER-FQDN>

These are using the OpenCSW Solaris packages.

I cannot work out why this is happening.

master logs show:-
Could not find certificate for '<FQDN>'
Could not find certificate_request for '<FQDN>'
<FQDN> has a waiting certificate request
Signed certificate request for <FQDN>
Removing file Puppet::SSL::CertificateRequest <FQDN> at
'/etc/puppet/ssl/ca/requests/<FQDN>.pem'

I am really stumped now. Any ideas what it could be, anything else to check
?

Thanks
Paul

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • OlliesDad at Feb 27, 2013 at 3:03 pm
    On Wednesday, February 27, 2013 8:09:11 AM UTC, Olli...@googlemail.com wrote:
    Figured it out in the end.

    Puppet CA server had ca_ttl=25y in it. Solaris is still packing a 32bit
    OpenSSL. Which took it over 2038

    Set down a few years and it's fine now.

    Thanks Solaris....

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedFeb 27, '13 at 8:09a
activeFeb 27, '13 at 3:03p
posts2
users1
websitepuppetlabs.com

1 user in discussion

OlliesDad: 2 posts

People

Translate

site design / logo © 2022 Grokbase