Try using fully qualified domain name: vm1.blah.com. The server name needs to match the certificate. What you can do is remove all your ssl puppet dirs (usually /var/lib/puppet/ssl) and set certname in your puppet.conf to be what you call the hosts instead of using dns names.
ie:

on master:
[main]
certname = puppet.my.com

on client:
[main]
certname = client.my.com
server = puppet.my.com

Then put entries in /etc/hosts to match.

That might help you along a bit.

Den

On 31/03/2012, at 10:20, Jim Garrison <[email protected]> wrote:

> Apologies if this is a duplicate, but GG seems to have eaten my previous post
>
> I'm trying to set up a simple master/agent on two VMs under the same ESXi host.
>
> I start up the master successfully on vm1, then start up the agent on vm2
>
> sudo puppet agent --server vm1 --waitforcert 60 --test
>
> On the master I sign the certificate request and then on the agent (vm2) I see:
>
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for ca
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Creating a new SSL certificate request for vm2.jhmg.net
> info: Certificate Request fingerprint (md5): E2:79:4A:81:21:56:7E:2A:9B:B2:3C:74:27:15:24:4C
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for vm2.jhmg.net
> err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
>
> I have ntp running on both VMs, and have verified that their clocks are synchronized to within 1ms of each other.
>
> What ELSE could cause this in such a simple setup?
>
> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6gqr0brEIQAJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
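
A consistency check for the setup suggested in the reply, added here as an example and not part of the original thread: it parses the two puppet.conf files and the agent's /etc/hosts and reports when the server name the agent uses is not a name the master certificate carries. The function names, the 192.0.2.10 address and the exact-match rule are assumptions; the `vm1` case mirrors the `--server vm1` command in the quoted post.

```python
import configparser

# Constructed samples: the two puppet.conf files from the reply above, plus an
# /etc/hosts for the client (192.0.2.10 is a documentation placeholder address).
MASTER_CONF = "[main]\ncertname = puppet.my.com\n"
AGENT_CONF = "[main]\ncertname = client.my.com\nserver = puppet.my.com\n"
AGENT_HOSTS = "127.0.0.1 localhost\n192.0.2.10 puppet.my.com  # master\n"


def main_section(conf_text):
    """Return the [main] settings of a puppet.conf as a dict (empty if absent)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return dict(parser["main"]) if parser.has_section("main") else {}


def hosts_names(hosts_text):
    """Collect every hostname and alias listed in /etc/hosts-style text."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        names.update(name.lower() for name in fields[1:])  # fields[0] is the address
    return names


def check_agent(master_conf, agent_conf, agent_hosts, server_flag=None):
    """List reasons the agent would fail to verify or reach the master."""
    master, agent = main_section(master_conf), main_section(agent_conf)
    # Assumption: the master certificate carries certname plus any dns_alt_names.
    # Exact, case-insensitive match only; wildcard names are not handled here.
    alt_names = master.get("dns_alt_names", "").split(",")
    cert_names = {master.get("certname", "").lower()}
    cert_names.update(name.strip().lower() for name in alt_names)
    cert_names.discard("")
    # --server on the command line overrides puppet.conf; Puppet's default is "puppet".
    server = (server_flag or agent.get("server", "puppet")).lower()
    problems = []
    if server not in cert_names:
        problems.append(f"server '{server}' is not in the master certificate names {sorted(cert_names)}")
    if server not in hosts_names(agent_hosts):
        problems.append(f"server '{server}' has no /etc/hosts entry on the agent")
    return problems


if __name__ == "__main__":
    for flag in (None, "vm1"):
        result = check_agent(MASTER_CONF, AGENT_CONF, AGENT_HOSTS, flag)
        print(flag or "server from puppet.conf", "->", result or "ok")
```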
