puppet enterprise agent sign error

asked 2014-12-31 06:17:12 -0600

Chutki

Hi,

I have installed puppet enterprise 3.x.x. My master and agent servers are the same (using master and agent on the same server).

After the installation was done I tried to sign the agent, but I got

Error: Could not find certificate request for agent.puppet.com

I removed all certs with "puppet cert clean --all"

Then I ran puppet agent -t, and the certification got generated for the agent

"agent.puppet.com" (SHA256) 08:74:xx:xx.......(alt names: "DNS:agent", "DNS:agent.puppet.com")

puppet cert sign agent.puppet.com
Notice: Signed certificate request for agent.puppet.com
Notice: Removing file Puppet::SSL::CertificateRequest agent.puppet.com '/etc/puppetlabs/puppet/ssl/ca/requests/agent.puppet.com.pem'

When I give "puppet cert list --all", again another sort of certification got generated for the same agent with a different ssh

"agent.puppet.com" (SHA256) E1:97:xx:xx.......(alt names: "DNS:agent", "DNS:agent.puppet.com")

What I know about the list command is that it just lists all waiting certificates, so again I tried to sign

puppet cert sign agent.puppet.com

I got

Error: Could not find certificate request for agent.puppet.com

When I run a sample manifest

class sample {
  # a resource title must be followed by a colon
  notify { "Hello world": }
}

I got the below error

Info: Caching certificate for agent.puppet.com
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: 
certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA generated on agent.puppet.com at 2014-12-31 05:59:41 -0500]

openssl s_client -connect agent.puppet.com:8140 -showcerts

I have got two ---Begin--- and ---END--- certificate details, also I verified

openssl verify -CAfile /etc/puppetlabs/puppet/ssl/certs/ca.pem /testcert/testfile

[root@xxx testcert]# openssl verify -CAfile /etc/puppetlabs/puppet/ssl/certs/ca.pem /testcert/testfile
/root/testcert/testfile: CN = agent.puppet.com
error 20 at 0 depth lookup:unable to get local issuer certificate

[root@xxxx testcert]# openssl verify -CAfile /etc/puppetlabs/puppet/ssl/certs/ca.pem /testcert/testfile2
/root/testcert/testfile2: CN = Puppet CA generated on agent.puppet.com at 2014-12-31 05:59:41 -0500
error 18 at 0 depth lookup:self signed certificate

My doubt is: 1) when PE gets installed, will the certification list be generated automatically, or do we need to generate it manually? 2) If you see "CA generated on agent.puppet.com at 2014-12-31 05:59:41 -0500", it shows the PE installation time, not the time when I manually ran "puppet agent -t"

Please help me out. I have been working on this for more than 3 days to fix it and still could not get any solution.
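The two openssl verify results quoted in the question, reproduced as an added example that is not part of the original post: error 20 is what OpenSSL reports when the -CAfile does not contain the CA that issued the certificate, and error 18 when a self-signed certificate is itself absent from the -CAfile. All certificate names, subjects and paths below are constructed.

```shell
#!/bin/sh
# Added example with constructed certificates; every name and path is hypothetical.
WORK=$(mktemp -d)
# Minimal config so the result does not depend on the system openssl.cnf.
printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' '[dn]' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$WORK/ca.cnf"

make_ca() {    # make_ca <name> <subject>: self-signed CA key and certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/ca.cnf" \
        -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_leaf() {  # make_leaf <ca-name> <leaf-name>: leaf certificate issued by that CA
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -subj "/CN=agent.example.test" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 2 -CAcreateserial \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

verify_error() {  # verify_error <CAfile> <cert>: numeric verify error, 0 if OK
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    echo "${code:-0}"
}

fingerprint() {   # SHA256 fingerprint of a certificate file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

make_ca old "/CN=Constructed CA one"   # CA that issued the agent certificate
make_ca new "/CN=Constructed CA two"   # unrelated CA used as the trust anchor
make_leaf old agent

echo "agent cert against its issuing CA : $(verify_error "$WORK/old.pem" "$WORK/agent.pem")"
echo "agent cert against the other CA   : $(verify_error "$WORK/new.pem" "$WORK/agent.pem")"
echo "issuing CA cert against other CA  : $(verify_error "$WORK/new.pem" "$WORK/old.pem")"
echo "CA fingerprints:"
fingerprint "$WORK/old.pem"
fingerprint "$WORK/new.pem"
```

When both errors appear together, comparing the SHA256 fingerprint of the file passed as -CAfile with that of the CA certificate in the chain being checked shows whether they are the same certificate.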


Comments

Is there any update?

Chutki ( 2015-01-01 22:58:06 -0600 )