After the expiration of the CA, I deleted the SSL directory and restarted the puppetmaster service, but the client authenticated the error

asked 2017-08-03 22:17:19 -0600

The client error is as follows:

```
notice: Ignoring --listen on onetime run
err: Could not retrieve catalog from remote server: SSLconnect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetca.test.com]
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSLconnect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetca.test.com]
```

On the server, I checked with `puppet cert list --all` that the client has been issued the certificate, but it failed.


Comments

If you did something like `rm -rf /var/lib/puppet/ssl/` on your client, you have to `puppet cert clean clientname.local` on your master.

Kai Burghardt ( 2017-08-04 10:10:16 -0600 )
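One way to reproduce this kind of rejection offline, as an added example that is not part of the original thread: it assumes the agent still holds the CA certificate from before the master's SSL directory was deleted, and builds two throwaway CAs with the same subject to show that a master certificate signed by the new CA fails verification against the old one. Every function name, key and certificate here is a constructed sample.

```sh
#!/bin/sh
# Added example. All keys and certificates are constructed samples in a temp dir.

# Print the SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Exit 0 if certificate $2 verifies against CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print "trusted" or "rejected" for CA $1 and certificate $2.
ca_status() {
    if chains_to_ca "$1" "$2"; then echo trusted; else echo rejected; fi
}

# Create a self-signed CA named $2 in directory $1. Both CAs get the same
# subject, as when a master regenerates its CA under the same hostname.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Puppet CA: puppetca.test.com" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Build old_ca, new_ca and a master certificate signed by new_ca in directory $1.
build_sample_pki() {
    make_ca "$1" old_ca && make_ca "$1" new_ca &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=puppetca.test.com" \
        -keyout "$1/master.key" -out "$1/master.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/master.csr" -CA "$1/new_ca.pem" \
        -CAkey "$1/new_ca.key" -set_serial 1 -days 1 \
        -out "$1/master.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
build_sample_pki "$work"
echo "agent holding old CA: $(ca_status "$work/old_ca.pem" "$work/master.pem")"
echo "agent holding new CA: $(ca_status "$work/new_ca.pem" "$work/master.pem")"
echo "old CA fingerprint:   $(cert_fingerprint "$work/old_ca.pem")"
echo "new CA fingerprint:   $(cert_fingerprint "$work/new_ca.pem")"
rm -rf "$work"
```

On real hosts, running `cert_fingerprint` against the agent's and the master's copy of `certs/ca.pem` under `/var/lib/puppet/ssl/` (assuming the default layout) shows whether both sides still share the same CA.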