puppetdb ssl access

asked 2014-10-14 01:25:32 -0500

tle

I want to access the puppetdb API from a separate host. I have done the following:

  1. Generated a new cert: $ puppet cert generate tc-remote
  2. Added the certname to the whitelist: $ echo "tc-remote" >> /etc/puppetlabs/puppetdb/certificate-whitelist
  3. Test from puppetmaster:
     $ curl 'https://puppetmaster.mgmt.local:8081/v3/nodes' --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem --cert /etc/puppetlabs/puppet/ssl/certs/tc-remote.pem --key /etc/puppetlabs/puppet/ssl/private_keys/tc-remote.pem
    

This returns results as expected. However, when I move the certificates to my machine and use the same command, I get:

curl: (35) Unknown SSL protocol error in connection to puppetmaster.mgmt.local:-9805

Is this something to do with my local machine not being managed by puppet?

BTW, I am running version: "1.6.2.0-9"


Comments

Ok, I just verified that this is a curl issue not a puppet issue. I can connect and receive data using nodejs and these certificates. Does anyone know what flags to give curl that resolve this protocol error?

tle ( 2014-10-14 01:50:43 -0500 )
1

Have you tried --tlsv1? If you've limited PuppetDB to only listen on TLS, you might need to force this perhaps? Let me know the exact distro otherwise so I can see if I can replicate it with that revision of curl.

ken ( 2014-10-23 12:53:08 -0500 )

Adding --tlsv1 fixes the problem for me! Thanks!

kariboe ( 2015-01-21 05:59:15 -0500 )
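
To see which protocol version the handshake in this thread fails on, the sketch below repeats the connection with the same CA, client certificate and key, pinned to one TLS version at a time. It is an added example, not code from the thread or from PuppetDB; the function names `pinned_context` and `probe` are hypothetical, and the host, port and file paths are the ones given in the question.

```python
import socket
import ssl
import warnings

# Protocol versions to try, one handshake each (oldest first).
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def pinned_context(version, cafile=None, certfile=None, keyfile=None):
    """Client context that offers exactly one TLS version, with optional mTLS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)  # TLS 1.0/1.1 pins
        ctx.minimum_version = version
        ctx.maximum_version = version
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def probe(host, port, timeout=5.0, **files):
    """Return {version name: negotiated protocol or failure reason}."""
    results = {}
    for version in VERSIONS:
        try:
            ctx = pinned_context(version, **files)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[version.name] = "ok: " + tls.version()
        except ssl.SSLError as exc:   # handshake, certificate or key problem
            results[version.name] = "tls error: " + (exc.reason or str(exc))
        except (OSError, ValueError) as exc:   # TCP failure or unsupported pin
            results[version.name] = "failed: " + str(exc)
    return results


if __name__ == "__main__":
    ssl_dir = "/etc/puppetlabs/puppet/ssl"   # paths from the question
    for name, outcome in probe(
            "puppetmaster.mgmt.local", 8081,
            cafile=ssl_dir + "/certs/ca.pem",
            certfile=ssl_dir + "/certs/tc-remote.pem",
            keyfile=ssl_dir + "/private_keys/tc-remote.pem").items():
        print(name, outcome)
```

Run it from the machine where curl fails; a row that reports `ok` names a protocol version the server accepts with this client certificate.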