forwarded 495939 http://projects.reductivelabs.com/issues/899 thanks
Martin, hi, martin f krafft wrote: > After switching to mongrel (and recreating the certificate for the > local puppetd), it won't sync with puppet anymore: > > err: /File[/var/lib/puppet/lib]: Failed to generate additional > resources during transaction: Certificates were not trusted: tlsv1 > alert decrypt error This is a known issue, #899 on puppet's bug tracker. > The only way to make it work again is by commenting > SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem > in the apache2 configuration. This actually works, contrary to your reply. However, SSL without CRLs is not exactly ideal, so here at work we've workarounded it as such: - split your Apache config into two (non-named) VirtualHosts: the network IP and 127.0.0.1/[::1] with identical configs, - remove SSLCARevocationFile from the localhost one, - define "server = localhost" in puppet.conf for the puppetmaster, - make sure that there are no $servername variables in your manifests (e.g. we had to switch some file URLs from puppet://$servername/files/ to puppet:///files/) Regards, Faidon -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
