
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked

asked 2013-06-17 19:37:45 -0600

Sheryll_SF

Hi all,

I encountered this error when I ran puppet agent --test. Does anyone know a possible resolution for this?

Thanks, Sheryll


3 Answers


answered 2013-06-17 20:05:34 -0600

Ancillas

updated 2013-06-17 20:06:11 -0600

If you run puppet cert --list --all on the master, you'll get a list of certificates and their states. It looks like the error message is telling you that the cert for your client is revoked.

Clean the cert from the master by running puppet cert --clean <hostname>. Then, try your client puppet sync again. This time, a cert signing request should be generated. Then, you just need to sign the cert and you're good to go. puppet cert --sign <hostname>.


answered 2013-06-18 12:19:52 -0600

Sheryll_SF

Thank you, Ancillas

I ran the puppet cert --list --all command as root and there were no revoked certs among the clients. I noticed, though, that I get the initial error when running the command puppet agent --test as myself. I don't get an error when I run it as root.


answered 2014-02-14 16:22:30 -0600

gabe_sky

tl;dr: Always run puppet agent as root.

You get different SSL configurations if you run as root vs running as a non-root user.

When your agent first ran, it generated SSL components in the main puppet ssl directory, and sent those to the master for signing. You then signed those on the master, and that's why puppet cert thinks everything is fine.

When you try to run the agent as a non-root user, it generates new SSL certificates just for that one user, and sends off a second signing request. (Sort of like ssh -- every user has their ...

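Added example, not part of any answer above and not Puppet's own code: a shell check for the root versus non-root situation described in the last answer, comparing the agent certificate in root's ssldir with the one in the current user's ssldir. It assumes the standard layout $ssldir/certs/<certname>.pem and that puppet agent --configprint is available; the function names and ROOT_SSLDIR are made up for this example.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Assumes the standard ssldir layout
# ($ssldir/certs/<certname>.pem); ROOT_SSLDIR in the usage note is a placeholder.

# Print the ssldir the agent resolves for the invoking user.
# Requires puppet on PATH.
agent_ssldir() {
    puppet agent --configprint ssldir
}

# Compare the agent certificate held in two ssldirs.
# Returns 0 = same cert, 1 = different certs, 2 = one is missing or unreadable.
compare_agent_certs() {
    dir_a=$1
    dir_b=$2
    certname=$3
    cert_a="$dir_a/certs/$certname.pem"
    cert_b="$dir_b/certs/$certname.pem"
    for f in "$cert_a" "$cert_b"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 2
        fi
    done
    if cmp -s "$cert_a" "$cert_b"; then
        echo "same certificate in both ssldirs"
        return 0
    fi
    echo "different certificates: root and this user hold separate SSL identities for $certname"
    # Show fingerprints when openssl is available, to match against the master's list.
    if command -v openssl >/dev/null 2>&1; then
        for f in "$cert_a" "$cert_b"; do
            printf '%s  ' "$f"
            openssl x509 -noout -fingerprint -sha256 -in "$f" 2>/dev/null ||
                echo "(not a parseable certificate)"
        done
    fi
    return 1
}

# Usage, run as the non-root user, with ROOT_SSLDIR set to whatever
# `sudo puppet agent --configprint ssldir` prints on your system:
#   compare_agent_certs "$ROOT_SSLDIR" "$(agent_ssldir)" \
#       "$(puppet agent --configprint certname)"
```

A return code of 1 or 2 when run as the non-root user means that user is not presenting the certificate that was signed for root's agent runs.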


Last updated: Feb 14 '14