Ask Your Question
0

puppetserver client CA certificates: where are they?

asked 2016-02-22 06:07:27 -0500

473183469 gravatar image

I need puppetserver to report facts via https to puppet-dashboard.

I changed certificate and CA on puppet-dashboard, and now puppetserver fails to post reports because:

[...]
2016-02-22 13:01:22,196 ERROR [c.p.h.c.i.PersistentSyncHttpClient] Error executing http request
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431) ~[na:1.8.0_60]
[...]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_60]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_60]
[...]

As I would understand it, puppetserver (acting as a client) misses the right CA to connect via https to web server.

My problem is: how to add CA to puppetserver?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2016-02-22 06:43:24 -0500

rajeevsharma gravatar image

Hi, I am not very sure that for which puppet components you have changed the certs. But few pointer:

find the certificate here:

/etc/puppetlabs/puppet/ssl/

regenerate certificates:

https://docs.puppetlabs.com/puppet/3....regeneratecertificates.html https://docs.puppetlabs.com/pe/latest...certsconsole.html

Cleaning and regenerating the new certificates would resolve the problem. Hope that helps.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-02-22 06:07:27 -0500

Seen: 109 times

Last updated: Feb 22 '16