About | FAQ | Help
Ask Your Question

puppetserver client CA certificates: where are they?

asked 2016-02-22 06:07:27 -0500

473183469 gravatar image

I need puppetserver to report facts via https to puppet-dashboard.

I changed certificate and CA on puppet-dashboard, and now puppetserver fails to post reports because:

2016-02-22 13:01:22,196 ERROR [c.p.h.c.i.PersistentSyncHttpClient] Error executing http request
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431) ~[na:1.8.0_60]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_60]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_60]

As I would understand it, puppetserver (acting as a client) misses the right CA to connect via https to web server.

My problem is: how to add CA to puppetserver?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2016-02-22 06:43:24 -0500

Mr_Sharma gravatar image

Hi, I am not very sure that for which puppet components you have changed the certs. But few pointer:

find the certificate here:


regenerate certificates:

https://docs.puppetlabs.com/puppet/3....regeneratecertificates.html https://docs.puppetlabs.com/pe/latest...certsconsole.html

Cleaning and regenerating the new certificates would resolve the problem. Hope that helps.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-02-22 06:07:27 -0500

Seen: 251 times

Last updated: Feb 22 '16