Ask Your Question
0

Module installation, SSL error

asked 2016-01-07 08:47:13 -0600

Tozz gravatar image

I just configured a new puppetserver, with Debian 8 (Jessie). Clean install.

I installed Puppet from the Puppet repo and installed ca-certificates. When trying to install something I get:

Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com
Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date

All hints towards this issue go to installing ca-certificates. I have installed this package, I also see the GeoTrust CA installed in /etc/ssl/certs/.

I noticed the certificate on forgeapi.puppetlabs.com is a deprecated SHA-1 certificate. Could this be the source of this issue? Or does someone have another thing to try?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2016-01-08 06:58:11 -0600

Tozz gravatar image

I managed to resolve the issue, by manually copying/symlinking the certificates from /etc/ssl/certs to /opt/puppetlabs/puppet/ssl/certs/

No clue why the "usual" way didn't work in my case. It was a clean install.

edit flag offensive delete link more
0

answered 2016-01-07 11:49:19 -0600

I just tested this on a 8.2 Debian server without error. (ca-certificates=20141019 and openssl=1.0.1k-3+deb8u2)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-01-07 08:47:13 -0600

Seen: 161 times

Last updated: Jan 08 '16