Tuesday, August 27, 2013

Puppet Certificate Store.

If you are using Puppet, and in particular if you are using it to install modules from the main Puppet repository, you may run into an issue.

Specifically this is when the puppet module complains that the puppet server certificate is not valid.

Symptom : Redhat 6.4

Puppet latest version.

After a lot of messing around with openssl ( which turned out not to be the problem )  we went back to concentrating on Puppet.

Puppet expects to see the list of trusted server certificates in

/etc/pki/tls/cert.pem ( we only found this via strace -f )

if it cannot find it then you will get the error.

In a default setup this cert.pem file doesn't exist and needs to be linked in.

The list of certs is happily available in the certs/ca-bundle.crt file.

So :

ln -s cert.pem certs/ca-bundle.crt

and now Puppet module install works just fine.