
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate

asked 2016-01-13 08:07:17 -0600

Amim

I am running puppet agent --test on an agent (3.8.4). I removed the entire /var/lib/puppet/ssl directory and cleaned it from the master

and I get: Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate

and if I try to run "puppet agent -test" again I get it again with additional errors:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://ilpuppet-amd/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd]

and more...

Any suggestions?


3 Answers


answered 2017-04-11 23:20:21 -0600

nirulabs

I am facing the same issue. Was there any luck?


answered 2016-01-14 07:19:03 -0600

On the master/CA server you need to run:

puppet cert clean client-certname

On the client:

rm -rf /var/lib/puppet/ssl

Then on the client:

puppet agent --server servername --waitforcert 60

If you don't have autosign enabled, then on the server run puppet cert sign certname.

Cheers, Stuart


answered 2016-01-17 02:04:16 -0600

Amim

updated 2016-01-17 05:34:47 -0600

Thanks Stuart. Yes, I tried that too... but something is still wrong. I am trying to use a model of two separate ca-server and master server. I configured the agent so that it will know them both apart using "ca_server" in the [main], and "server" in the [agent]. I also saw for sure using "puppet cert list --all" in the ca-server that it registers the agent properly, even after I remove it. But still:

[root@dto015 ~]# puppet agent --test
Info: Creating a new SSL key for dto015
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for dto015.corp.amdocs.com
Info: Certificate Request fingerprint (SHA256): 0C:5F:A7:F5:5C:A7:FE:E8:F8:AC:F1:04:4F:2C:7F:05:11:B4:78:14:75:7B:46:57:AD:DC:64:46:AA:F5:64:CE
Info: Caching certificate for dto015.corp.amdocs.com
Info: Caching certificate_revocation_list for ca
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: ilpuppet-amd-main]
Exiting; failed to retrieve certificate and waitforcert is disabled

running the second time will result with:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://ilpuppet-amd04/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://ilpuppet-amd04/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate ... (more)
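
Each verification error in the output quoted above carries a reason and the name of a CA. As an added example (not part of the original posts), the shell function below groups agent output by those two fields and notes when one run names more than one CA. The function names are hypothetical, and the sample input is four messages copied from this page.

```shell
#!/usr/bin/env bash
# Added example: group the TLS failures in `puppet agent --test` output.
# Prints "count<TAB>reason<TAB>CA name" per distinct failure, plus a NOTE
# line when the failures in one run name more than one CA.
triage_puppet_ssl() {
  awk '
    {
      tag = "certificate verify failed: ["
      i = index($0, tag)
      if (i > 0) {                      # raised by the agent while checking the server
        body = substr($0, i + length(tag))
        j = index(body, "]")
        if (j == 0) next                # line was cut off; nothing reliable to read
        body = substr(body, 1, j - 1)
        sep = " for /CN=Puppet CA: "
        reason = body; ca = "-"
        k = index(body, sep)
        if (k > 0) {
          reason = substr(body, 1, k - 1)
          ca = substr(body, k + length(sep))
          cas[ca] = 1
        }
        seen[reason "\t" ca]++
      } else if (index($0, "alert bad certificate") > 0) {
        # alert received from the server: it refused the agent certificate
        seen["peer alert: bad certificate\t-"]++
      }
    }
    END {
      for (r in seen) printf "%d\t%s\n", seen[r], r
      n = 0; for (c in cas) n++
      if (n > 1) printf "NOTE\t%d different CA names in this output\n", n
    }
  ' | sort
}

# Sample input: four of the messages quoted on this page, one per line.
sample_agent_output() {
  cat <<'EOF'
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert bad certificate
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: ilpuppet-amd-main]
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: ilpuppet-amd04]
EOF
}

sample_agent_output | triage_puppet_ssl
```

OpenSSL reports "CRL is not yet valid" when the CRL's lastUpdate time is later than the clock of the host doing the verification, and "self signed certificate in certificate chain" when the presented chain ends in a root that is not in the verifier's trust store.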


Asked: 2016-01-13 08:07:17 -0600

Seen: 5,838 times

Last updated: Jan 17 '16