Ask Your Question
0

err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked

asked 2013-06-17 19:37:45 -0500

Sheryll_SF gravatar image

Hi all,

I encountered this error when I ran puppet agent --test. Does anyone know possible resolution for this?

Thanks, Sheryll

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted
0

answered 2013-06-17 20:05:34 -0500

Ancillas gravatar image

updated 2013-06-17 20:06:11 -0500

If you run puppet cert --list --all on the master, you'll get a list of certificates and their states. It looks like the error message is telling you that the cert for your client is revoked.

Clean the cert from the master by running puppet cert --clean <hostname>. Then, try your client puppet sync again. This time, a cert signing request should be generated. Then, you just need to sign the cert and you're good to go. puppet cert --sign <hostname>.

edit flag offensive delete link more
0

answered 2013-06-18 12:19:52 -0500

Sheryll_SF gravatar image

Thank you, Ancillas

I ran puppet cert --list --all command as root and there were no revoked certs among the clients. I noticed though that I get the initial error when running command puppet agent --test as myself. I don't get an error when I run as root.

edit flag offensive delete link more
0

answered 2014-02-14 16:22:30 -0500

fnaard gravatar image

tl;dr: Always run puppet agent as root.

You get different SSL configurations if you run as root vs running as a non-root user.

When your agent first ran, it generated SSL components in the main puppet ssl directory, and sent those to the master for signing. You then signed those on the master, and that's why puppet cert thinks everything is fine.

When you try to run the agent as a non-root user, it generates new SSL certificates just for that one user, and sends off a second signing request. (Sort of like ssh -- every user has their ... (more)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2013-06-17 19:37:45 -0500

Seen: 8,790 times

Last updated: Feb 14 '14