Hello, > > Am Freitag, 4. Januar 2019 22:21:47 UTC+1 schrieb Michael Post: > >> Hello, >> >> yesterday and today i set up a new Debian Stretch VM and want to install >> a fresh environment with puppetserver 6. >> >>> >>> sometimes it is good to write and think and read more and more. I solved my problem. The exact steps are written in the documentation but you have to find it.
It is written under https://puppet.com/docs/puppet/5.3/config_ssl_external_ca.html#option-2-puppet-server-functioning-as-an-intermediate-ca Puppet agent You need to do two things to prepare Puppet agent for this CA configuration: If you copy this file into place before the first Puppet run, you will not recieve any errors. If you attempt a Puppet run prior to this file being present you will receive errors since the auto-distributed ca.pem file doesn’t include the root CA.. Example error: Error: Could not request certificate: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=<server>] Copy the CA bundle in place prior to a Puppet run. Disable certificate revocation validation. Copy the CA bundle you created to /etc/puppetlabs/puppet/ssl/certs/ca.pem on every agent node. Set certificate_revocation = false in the [main] section of puppet.conf on every agent node: [main] certificate_revocation = false Once you’ve completed both of these steps, the agent can run successfully. Have a nice weekend, Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ed78a062-6db1-4636-bb78-c2bfbb01cb90%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
