The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13583

Unable to use puppetca

Added by Florian Koch over 2 years ago. Updated over 2 years ago.

Status: Needs More Information
Start date: 04/02/2012
Priority: High
Due date:
Assignee: Florian Koch
% Done: 0%
Category: -
Target version: -
Affected Puppet version: 2.7.12
Branch:
Keywords: puppetca puppet cert
The certificate retrieved from the master does not match the agent's private key.

Description

Hi,

I have a weird issue: I have a foreman-proxy server, built from scratch, and I can execute puppet cert without problems

puppet cert --list --all
notice: Signed certificate request for ca
notice: Rebuilding inventory file

If I run puppet agent to connect the server to my puppetmaster, all goes fine, but if I try to generate a cert after the puppet run I get

puppet cert generate test
The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: D1:B4:88:24:24:31:FA:13:90:FA:1F:8A:CB:BF:2D:AB
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate  a certficate.
On the master:
puppet cert clean foreman-proxya01.example.com
On the agent:
rm -f /var/lib/puppet/ssl/certs/foreman-proxya01.example.com.pem
puppet agent -t

If I remove /var/lib/puppet/ssl I can use puppet cert again

[root@foreman-proxya01 ~]# puppet cert generate test
notice: Signed certificate request for ca
notice: Rebuilding inventory file
notice: test has a waiting certificate request
notice: Signed certificate request for test
notice: Removing file Puppet::SSL::CertificateRequest test at '/var/lib/puppet/ssl/ca/requests/test.pem'
notice: Removing file Puppet::SSL::CertificateRequest test at '/var/lib/puppet/ssl/certificate_requests/test.pem'
err: Could not call generate: Could not find certificate request for test
[root@foreman-proxya01 ~]# puppet cert --list --all
+ test (B3:56:37:6C:9C:8D:FA:C8:62:2A:3E:90:C8:8F:01:4F)
[root@foreman-proxya01 ~]# 

Any idea?

rgdf flo

History

#1 Updated by Patrick Carlisle over 2 years ago

  • Status changed from Unreviewed to Investigating

Hi,

Which of these commands are you running on the puppet master and which on the agent? The error you pasted from puppet cert generate is consistent with running it on the agent, which I’m not sure makes sense here. I’m also not sure what you need to generate since at this stage (having already done a puppet run) you should already have a certificate and possibly just need to sign it on the master.

#2 Updated by Patrick Carlisle over 2 years ago

  • Status changed from Investigating to Needs More Information
  • Assignee set to Florian Koch
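
Added example (not part of the original ticket and not Puppet's own code): a Ruby check of the condition the error message reports, namely whether the certificate under an ssldir belongs to the private key stored next to it. The `private_keys/` directory name, the MD5 fingerprint digest, the helper names and the constructed `example.test` host are assumptions.

```ruby
require 'openssl'
require 'tmpdir'
require 'fileutils'

# True when the certificate's public key belongs to the given private key.
def cert_matches_key?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  cert.check_private_key(OpenSSL::PKey.read(key_pem))
end

# Colon-separated digest of the DER certificate. MD5 is an assumption based on
# the 16-byte fingerprints shown in the ticket output.
def cert_fingerprint(cert_pem, digest = 'MD5')
  der = OpenSSL::X509::Certificate.new(cert_pem).to_der
  OpenSSL::Digest.new(digest).hexdigest(der).upcase.scan(/../).join(':')
end

# Compare <ssldir>/certs/<name>.pem with <ssldir>/private_keys/<name>.pem
# (the private_keys/ layout is assumed, it is not shown in the ticket).
def check_host(ssldir, certname)
  cert_pem = File.read(File.join(ssldir, 'certs', "#{certname}.pem"))
  key_pem  = File.read(File.join(ssldir, 'private_keys', "#{certname}.pem"))
  { match: cert_matches_key?(cert_pem, key_pem), fingerprint: cert_fingerprint(cert_pem) }
end

# Constructed sample data: a throwaway self-signed certificate for +key+.
def sample_cert(cn, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Constructed ssldir: certificate issued for +cert_key+, key file holds +disk_key+.
def write_sample_ssldir(dir, certname, cert_key, disk_key)
  %w[certs private_keys].each { |d| FileUtils.mkdir_p(File.join(dir, d)) }
  File.write(File.join(dir, 'certs', "#{certname}.pem"), sample_cert(certname, cert_key).to_pem)
  File.write(File.join(dir, 'private_keys', "#{certname}.pem"), disk_key.to_pem)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    old_key = OpenSSL::PKey::RSA.new(2048)
    write_sample_ssldir(dir, 'agent.example.test', old_key, OpenSSL::PKey::RSA.new(2048))
    p check_host(dir, 'agent.example.test') # certificate for the old key, new key on disk
  end
end
```

Running `check_host` against a copy of the real ssldir on each machine shows which side holds the certificate that no longer pairs with its key.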
