
Agent unable to connect to master (unable to get local issuer certificate)

asked 2017-12-28 10:11:38 -0600

aitrus00

updated 2017-12-29 12:58:37 -0600

stivesso

I just set up Puppet Enterprise 5 on a RHEL 7.4 server. My agent server is also RHEL 7.4. When I run puppet agent -t, I get the following error:

 [root@vm-es-utility01 init.d]# puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vm-es-puppet01.corp.int]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vm-es-puppet01.corp.int]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vm-es-puppet01.corp.int]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vm-es-puppet01.corp.int]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vm-es-puppet01.corp.int]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vm-es-puppet01.corp.int]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vm-es-puppet01.corp.int]

Master Server name: vm-es-puppet01.corp.int
Agent Server Name: vm-es-utility01.corp.int

I have scoured the internet for solutions for this, and I have tried everything to no avail. IPTABLES is disabled on both servers, so it's not a firewall port issue. I have tried removing and regenerating the cert, but that still doesn't fix this. Does anyone have a clue what could be happening here? All the information I have found on the internet is for earlier versions of Puppet, and it's not apples to apples.

Any help is appreciated.


1 Answer


answered 2017-12-31 10:34:19 -0600

Try moving the crl.pem file to crl.pem.copy on your client and re-running puppet agent -t. It should be located at /var/lib/puppet/ssl/crl.pem.

Looks like you've changed or rebuilt the master?


Comments

Found the file at /etc/puppetlabs/puppet/ssl/crl.pem, renamed it and ran the command but get the exact same error.

aitrus00 (2018-01-02 07:16:29 -0600)
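
The answer above asks whether the master was changed or rebuilt. As an added example (not code from this thread or from Puppet), the Ruby script below uses Ruby's OpenSSL bindings to reproduce the "unable to get local issuer certificate" verification error: a master certificate issued by a new CA is checked against a trust store that still holds only the old CA. All CA names, host names and keys are constructed test data.

```ruby
require "openssl"

# Create a certificate. With no issuer it is a self-signed CA; otherwise it is
# a leaf signed by the issuer. All names and keys are constructed test data.
def make_cert(cn, issuer_cert = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = issuer_cert ? 2 : 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless issuer_cert
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Verify a certificate against a trust store that holds exactly one CA,
# the way an agent validates the master against its cached CA certificate.
def verify_against(cert, trusted_ca)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)
  ok = store.verify(cert)
  { ok: ok, code: store.error, message: store.error_string }
end

# Scenario: the agent cached the old CA, then the master was rebuilt with a new CA.
def rebuilt_master_scenario
  old_ca, _old_key = make_cert("old-ca.example")
  new_ca, new_key  = make_cert("rebuilt-ca.example")
  master, _key     = make_cert("master.example", new_ca, new_key)
  {
    stale_agent:   verify_against(master, old_ca),  # agent still trusts the old CA
    refreshed:     verify_against(master, new_ca),  # agent holds the current CA
    master_issuer: master.issuer.to_s,
    cached_ca:     old_ca.subject.to_s
  }
end

if __FILE__ == $0
  rebuilt_master_scenario.each { |name, value| puts "#{name}: #{value}" }
end
```

The same comparison applies on a real agent: the issuer of the certificate the master presents has to match a CA certificate that the agent has cached and trusts.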


Stats

Asked: 2017-12-28 10:11:38 -0600

Seen: 930 times

Last updated: Dec 31 '17