puppetserver client CA certificates: where are they?
I need puppetserver to report facts via https to puppet-dashboard.
I changed certificate and CA on puppet-dashboard, and now puppetserver fails to post reports because:
[...] 2016-02-22 13:01:22,196 ERROR [c.p.h.c.i.PersistentSyncHttpClient] Error executing http request javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431) ~[na:1.8.0_60] [...] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_60] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_60] [...]
As I would understand it, puppetserver (acting as a client) misses the right CA to connect via https to web server.
My problem is: how to add CA to puppetserver?