How can I troubleshoot problems with Puppet's SSL layer?
When I'm having problems that I suspect may be related to SSL, what are some troubleshooting steps I should take?
I feel your pain. SSL is tough and is probably the number one stumbling block for new users getting Puppet working in their environment. Hopefully this answer helps reduce frustration and get you up and running. The good news is, once it's set up right, you won't have to fiddle with it any more.
First, make sure the problem you're having is actually an SSL problem. Almost all of the SSL-related error messages on the client start with the string
SSL_connect and then the error raised up by the underlying crypto libraries. General networking errors will not ... (more)
I frequently reach for three tools when debugging SSL issues at the protocol level:
Here's how I use openssl s_client to verify mutual SSL authentication is happening as I expect it to:
This question; does the server's SSL name match the client's perspective of it's hostname, is the most important question to ask because this is the most common issue.
If the hostname the agent connects to does not match the name listed in the master's ... (more)
Asked: 2012-11-14 12:42:01 -0500
Seen: 2,470 times
Last updated: Feb 25 '13