|
发表于 2016-10-14 17:47:05
|
显示全部楼层
Your client's expecting the master to have the hostname puppet, per its server configuration in puppet.conf - that's the default, so if you don't have a server configured then it's using puppet. The master's SSL certificate must be valid for that name, or the client will refuse to connect.
Normally, the master generates a certificate that's valid for its own hostname and the puppet hostname, by using subject alternative names.. but having an explicit certname in the master's puppet.conf might be overriding this. Verify by checking puppet cert --list master-node-1 - it should have something like (alt names: "puppet") displayed after the certificate's thumbprint.
Correct this by either having your client pointed to the real hostname using its server config, or by having the server's cert valid for the hostname puppet.
|
|