How do I get a certificate on a puppet agent server for the first time?

asked 2016-01-15 17:04:41 -0500

Conventional

I am setting up the free version of Puppet. I cannot get a certificate on my Puppet agent server. I have Puppet master installed on CentOS 7. I have Puppet Agent installed on CentOS 7. When I run puppet agent -t --verbose (on the agent server, when I am logged in as root), I get this error:

"Error could not request certificate: SSL_connect returned=1 errno=0 State=SSLv2/v3 read server hello A: unknown protocol"

My /etc/ssh/sshd_config file on both Linux servers is configured to allow ports 22, 443, 8140, and 61610. I tested these ports being open with ssh -p commands.

I ran openssl s_client -connect <hostname>:8140 --showcerts

The output showed this:

...
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes.
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session
...

I am using a version of OpenSSL from January of 2013. Why can't my Puppet Agent server get a certificate from the Puppet Master server? I don't know how to interpret the output of the openssl command above.

Can two Linux servers use SSH when different versions of OpenSSL are installed in each of them? I have tried the openssl command above when both versions were the same. I also tried a newer version of OpenSSL.

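Added example, not part of the original post: the s_client output in the question shows no peer certificate and no cipher, so whatever listened on 8140 did not complete a TLS handshake. This Python sketch classifies the first bytes a listener sends (SSH banner, plaintext HTTP, or a plausible 5-byte TLS record header); the function names and sample bytes are constructed for illustration, and the SSH case is included because the question mentions sshd_config entries for port 8140.

```python
import socket
import struct

# TLS record content types (RFC 5246, section 6.2.1).
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment TLS 1.2 allows


def parse_record_header(data: bytes):
    """Read 5 bytes as a TLS record header: type(1), version(2), length(2)."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    plausible = (ctype in TLS_CONTENT_TYPES and major == 3
                 and minor <= 4 and length <= MAX_RECORD_LEN)
    return {"type": TLS_CONTENT_TYPES.get(ctype), "version": (major, minor),
            "length": length, "plausible": plausible}


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol suggested by the first bytes a listener sent."""
    if not data:
        return "empty"
    if data.startswith(b"SSH-"):
        return "ssh-banner"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    header = parse_record_header(data)
    if header and header["plausible"]:
        return "tls-" + header["type"]
    return "unknown"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect and wait for bytes the listener sends unprompted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(64)
        except socket.timeout:
            return "silent"  # a TLS listener waits for the ClientHello
    return classify_first_bytes(data)


if __name__ == "__main__":
    # Constructed samples: an SSH identification string and a TLS handshake header.
    for sample in (b"SSH-2.0-OpenSSH_6.6.1\r\n", b"\x16\x03\x03\x00\x51"):
        print(sample[:5], parse_record_header(sample), classify_first_bytes(sample))
```

Run from the agent, probe("<hostname>", 8140) returning ssh-banner would mean an SSH daemon rather than the Puppet master answered on that port. A result of silent is what a TLS listener does until the client sends its ClientHello.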

1 Answer


answered 2016-01-16 12:48:00 -0500

bhanu.rhce

Can you please have a look at the time on the machines? They should be synced.


Comments

They are no more than a few seconds off or they are exactly the same time. They are configured for the same NTP server. Based on my rough tests, they are right on.

Conventional (2016-01-27 18:47:20 -0500)


Stats

Asked: 2016-01-15 17:04:41 -0500

Seen: 851 times

Last updated: Jan 16 '16