Ask Your Question
0

Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com

asked 2015-10-16 14:07:22 -0500

dwaynek gravatar image

am having problems connecting to puppet forge on Redhat 6.7 under puppet 4.2 (behind a proxy/firewall), when i do:

puppet module search or install

the error msg:

Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date Error: Try 'puppet help module search' for usage

i've tried:

yum install openssl --> didnt work

cd /etc/pki/tls/certs curl -k -L -O https://raw.githubusercontent.com/bag... --> didnt work

inserting http_proxy under [user] in puppet.conf didnt work

export httpproxy & export httpsproxy --> didnt work

i'm at my wits end!! does someone have a solution?

edit retag flag offensive close merge delete

Comments

Similar trouble here. Mine is with Centos 7 and I am behind a proxy firewall. I have installed the pem certs (update-ca-trust) , setup the https_proxy and http_proxy environment variables. Cannot install modules due to "Unable to verify the SSL certificate". I am hoping that your "fix" will help

jacklmco gravatar imagejacklmco ( 2016-01-06 19:02:32 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2015-10-17 04:15:32 -0500

Hello!

Could you try: [root@puppetmaster ~]# curl -O https://www.geotrust.com/resources/rootcertificates/certificates/GeoTrustGlobal_CA.pem % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1234 100 1234 0 0 1476 0 --:--:-- --:--:-- --:--:-- 1476

and then: [root@puppetmaster ~]# curl --cacert GeoTrustGlobalCA.pem https://forge.puppetlabs.com/ping

[{"name":"api","responsecode":200,"responsebody":[{"name":"db","responsecode":200,"responsebody":{"schema":"6c8349cc7260ae62e3b1396831a8398f"}},{"name":"dbwritable","responsecode":200,"responsebody":true},{"name":"s3","responsecode":200,"response_body":true}]}][root@puppetmaster ~]#

if the responses arent like the above, especially after you installed openssl (which I'm assuming installed without errors etc?)

if this fails I suspect the issue is networking firewall maybe.. speak with your network guys about opening the ports for you?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2015-10-16 14:07:22 -0500

Seen: 1,176 times

Last updated: Oct 17 '15