Ask Your Question
0

Peer certificate cannot be authenticated with known CA certificates

asked 2015-02-04 06:10:00 -0500

meob gravatar image

I’ve been trying to get this going for the last 3 days.

My PE is setup & working, but looks like I am getting some CA Cert errors when running puppet agent –t from my dedicated razor server.

This is a screenshot of the failure piped to a logfile.

image description

I’ve done a far bit of googling trying to get around this to no avail

Any of the techs on your side might know a workaround or fix for this?

I appreciate any help

Thx

Dave

ESC[0;32mInfo: Retrieving pluginfactsESC[0m ESC[0;32mInfo: Retrieving pluginESC[0m ESC[0;32mInfo: Loading factsESC[0m ESC[0;32mInfo: Caching catalog for razor.spoc.emcESC[0m ESC[0;32mInfo: Applying configuration version '1422982366'ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: + umask 0022ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: + tmpdir=/opt/puppet/packages/razor-repo-15595ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: + trap 'rm -rf '\''/opt/puppet/packages/razor-repo-15595'\''' exitESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: + mkdir -p /opt/puppet/packages/razor-repo-15595ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: + curl -Lo /opt/puppet/packages/razor-repo-15595/puppet-enterprise-3.7.1-el-6-x8664.tar.gz https://pm.puppetlabs.com/puppet-enterprise/3.7.1/puppet-enterprise-3.7.1-el-6-x8664.tar.gzESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: % Total % Received % Xferd Average Speed Time Time Time CurrentESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: Dload Upload Total Spent Left SpeedESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: ^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M138 276 138 276 0 0 280 0 --:--:-- --:--:-- --:--:-- 2044ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: curl: (60) Peer certificate cannot be authenticated with known CA certificatesESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: More details here: http://curl.haxx.se/docs/sslcerts.htmlESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: curl performs SSL certificate verification by default, using a "bundle"ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: of Certificate Authority (CA) public keys (CA certs). If the defaultESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: bundle file isn't adequate, you can specify an alternate fileESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: using the --cacert option.ESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: If this HTTPS server uses a certificate signed by a CA represented inESC[0m ESC[mNotice: /Stage[main]/Perazor/Exec[unpack the razor repo]/returns: the bundle, the ... (more)

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2015-02-05 07:32:10 -0500

meob gravatar image

issue with CA certs on my side:

  • Peer's certificate issuer is not recognized: [text removed]
  • NSS error -8179
  • Closing connection #1
  • Peer certificate cannot be authenticated with known CA certificates

cant ever see that gettign fixed ;-)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-02-04 05:53:58 -0500

Seen: 856 times

Last updated: Feb 05 '15