Certificate Authority

asked 2014-12-02 01:04:50 -0600

thampi_lakshmi

updated 2014-12-03 03:25:22 -0600

domcleal

In the open source setup I have only one server and client. In this setup I am unable to create a certificate for my client - sys-server with the server - Puppet.

The client Puppet.conf is:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
ca_server = puppet

In this, the ca_server is specified as puppet, which is the server hostname.

I get this error on the client when trying to create the certificate:

lakshmi@puppet:/etc/puppet$ sudo puppet certificate sign --ca-location=local sys-server
Error: This process is not configured as a certificate authority
Error: Try 'puppet help certificate sign' for usage

Comments

1

You show ca_server=puppet (the server), but you said --ca_location=local. What happens if you just run "puppet agent -t" on the client? It should give you a message that it is waiting for a cert. Then run "puppet cert list" on the master and you should see the certificate to sign.

lorcutt ( 2014-12-02 08:46:22 -0600 )
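As an added example (not part of the original thread or of Puppet itself), the following sketch checks which sections of the posted puppet.conf a given run mode actually reads, which shows where the `ca_server = puppet` line takes effect. It assumes that a run mode reads its own section first and then `[main]`; the helper names `effective` and `unread_settings` are hypothetical, and the sample text is constructed from the configuration in the question.

```python
import configparser

# Constructed from the puppet.conf posted in the question, trimmed to the
# lines that matter for locating the CA.
POSTED_CONF = """\
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl

[master]
# These are needed when the puppetmaster is run by passenger
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
ca_server = puppet
"""


def load(conf_text):
    # Interpolation is disabled so values such as $vardir are kept verbatim.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return parser


def effective(conf_text, run_mode, key):
    """Return (value, section) that run_mode would use for key, or None.

    Assumption: the run mode's own section wins over [main], and no other
    section is consulted. None means the built-in default applies.
    """
    parser = load(conf_text)
    for section in (run_mode, "main"):
        if parser.has_option(section, key):
            return parser.get(section, key), section
    return None


def unread_settings(conf_text, run_mode):
    """Map each section that run_mode never reads to the keys set in it."""
    parser = load(conf_text)
    return {
        section: sorted(parser.options(section))
        for section in parser.sections()
        if section not in (run_mode, "main")
    }


if __name__ == "__main__":
    for mode in ("agent", "master"):
        print(mode, "ca_server ->", effective(POSTED_CONF, mode, "ca_server"))
    print("not read by agent:", unread_settings(POSTED_CONF, "agent"))
```

With the posted file, the agent run mode finds no `ca_server` of its own, because the only definition sits under `[master]`.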