Ask Your Question
0

puppet module install fails

asked 2014-11-18 04:25:51 -0600

bantubanerji gravatar image

Puppet module install fails with the following error .. Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date

Please guide me how I can fix this ?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2016-06-26 08:57:19 -0600

nilton gravatar image

SSL certificates are system time sensitive (did you suspend your virtual machine?). First thing you do is check if your timedate is up to date, if not, use this to set your timedate:

 date
 ntpdate <timeserver>

Second might be that your certificates are not up to date, use yum to update it.

yum update openssl -y

If it still does not work, try to add the certificate manually:

Getting the certificate.

Method 1 Download the certificate from Firefox,

https://forgeapi.puppetlabs.com/

click on the lock left to the https:// and "view certificate", "details", "export".

Method 2 From the command line you could do:

echo -n|openssl s_client -connect forgeapi.puppetlabs.com:443  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/forgeapi.puppetlabs.com.cert

Install the ca-certificates package

yum install ca-certificates

Enable the dynamic CA configuration feature:

update-ca-trust force-enable

Add it as a new file to /etc/pki/ca-trust/source/anchors/:

cp /tmp/forgeapi.puppetlabs.com.cert /etc/pki/ca-trust/source/anchors/

Use command:

update-ca-trust extract

For other suggestions, see also

https://ask.puppet.com/question/250/could-not-connect-via-https-to-httpsforgepuppetlabscom/
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-11-18 04:25:51 -0600

Seen: 95 times

Last updated: Jun 26 '16