Setup Puppet Certs Task failed

Hi,
I am new to Puppet and I thought I completed all the required steps for the task “Setup Puppet Certs”. Still the task failed. Can someone please help me identify the mistake I have made?

Task description :

`Nautilus` DevOps team has set up a puppet master and an agent node in `Stratos Datacenter`. Puppet master is running on `jump host` itself (`also note that puppet master node is also running as puppet CA server`) and puppet agent is running on `App Server 2`. Since it's a fresh setup, the team wants to sign certificates for puppet master as well as puppet agent nodes so that the team can proceed with further setup. You can find more details about the task below:

Puppet server and agent nodes already have the required packages but you may need to start `puppetserver` (on master) and `puppet` service on both nodes.

1. Assign/Sign certificates for both `master` as well as `agent` node.

Solution:

1) Fixed hostnames in hosts files for both server and agent.
2) Deleted files in the ssl folder on the agent (`/etc/puppetlabs/puppet/ssl/*`).
3) Started services on master.
4) Started services on agent.
5) Output on master:

```
sh-4.2# puppetserver ca list
Requested Certificates:
    stapp02.stratos.xfusioncorp.com   (SHA256)  23:05:26:B9:A7:8E:1B:BE:60:32:80:0B:DC:5A:82:01:C7:2E:60:67:8E:24:AB:0C:F7:39:03:9B:63:AC:00:96
sh-4.2# [root@jump_host /]#
```

@Inderpreet @mmumshad can you please help me with this?

Thank you

Hi @mehulr,

  1. Firstly, your puppet ca list shows requested certificates, which means that you missed some configuration to autosign; therefore it's requesting a certificate rather than autosigning. In case your task doesn't tell anything about autosign, you still need to accept/assign the certificate so the puppet agent can successfully communicate.

Can you show the output of puppet agent on App Server 2?

  2. Secondly, I do not see the jump_host certificate in the list. It should also have the signed certificate.

Hope it helps! :slightly_smiling_face:

1 Like

Use `puppetserver ca list --all` to see the complete list.
The certificates need to be signed with `puppetserver ca sign --all`.

Here is a detailed explanation:

https://puppet.com/docs/puppet/5.5/ssl_regenerate_certificates.html

2 Likes
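
An added example (not part of the thread, and not Puppet's own tooling): it parses the `puppetserver ca list` output format shown in the question and signs one request with `puppetserver ca sign --certname` only when its fingerprint matches the value read on the agent with `puppet agent --fingerprint`. The names `SAMPLE_LIST`, `pending_requests`, `csr_matches` and `sign_if_verified` are hypothetical.

```shell
#!/bin/sh
# Added example: verify a pending CSR's fingerprint, then sign only that request.

# Sample `puppetserver ca list` output, copied from the question in this thread.
SAMPLE_LIST='Requested Certificates:
    stapp02.stratos.xfusioncorp.com   (SHA256)  23:05:26:B9:A7:8E:1B:BE:60:32:80:0B:DC:5A:82:01:C7:2E:60:67:8E:24:AB:0C:F7:39:03:9B:63:AC:00:96'

# Read `puppetserver ca list` output on stdin and print "certname fingerprint"
# for each entry in the "Requested Certificates:" section only.
pending_requests() {
  awk '
    /^Requested Certificates:/ { in_req = 1; next }
    /^[^[:space:]]/            { in_req = 0 }   # another section header starts
    in_req && $2 == "(SHA256)" { print $1, toupper($3) }
  '
}

# csr_matches CERTNAME EXPECTED_FP  (list output on stdin)
# Succeeds only if CERTNAME is pending and its fingerprint equals EXPECTED_FP.
# The comparison is case-insensitive on the hex digits.
csr_matches() {
  want_fp=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
  pending_requests | awk -v n="$1" -v f="$want_fp" \
    '$1 == n && $2 == f { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# sign_if_verified CERTNAME EXPECTED_FP
# Runs on the CA server; EXPECTED_FP is the value read on the agent itself.
sign_if_verified() {
  if puppetserver ca list | csr_matches "$1" "$2"; then
    puppetserver ca sign --certname "$1"
  else
    echo "refusing to sign $1: not pending, or fingerprint mismatch" >&2
    return 1
  fi
}
```
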

Thank you @nenadmiladin. It is useful information.

Thanks to @nenadmiladin

In my case this works.
Regenerate the CA and master’s cert:
`$ sudo puppetserver ca setup`
You will see this message: `Notice: Signed certificate request for ca`
