Solved Puppet vs. Vault using self-signed SSL

I'm working on connecting a Puppet agent to a (HashiCorp) Vault server that is using a self-signed SSL certificate.
It returns the following error:
Code:
puppet agent -t
Error: Failed to apply catalog: certificate verify failed [unable to get local issuer certificate for CN=vault.server.com]
On Ubuntu I solved this by placing a copy of the CA cert used to sign vault.server.com under
Code:
/opt/puppetlabs/puppet/ssl/certs/
Does anyone have an idea what I should try on FreeBSD 13.1 with puppet7-7.21.0?
 
Actually, it looks like I found the solution: copy the cert under /etc/ssl/certs/ and create a symlink named with its hash, for example:
Code:
cp myCA.crt /etc/ssl/certs/myCA.crt
chown root:wheel /etc/ssl/certs/myCA.crt
chmod 0644 /etc/ssl/certs/myCA.crt
openssl x509 -noout -hash -in /etc/ssl/certs/myCA.crt
a1736415
ln -s /etc/ssl/certs/myCA.crt /etc/ssl/certs/a1736415.0

puppet agent -t shows no more errors, at least not certificate verification ones :)
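The steps from the post above, generalised into a reusable function. This is an added example, not the poster's code: it also handles the case where the `.0` slot is already taken by another CA with the same subject hash, and checks the result with `openssl verify`. The function names and the throwaway demo CA are assumptions made for illustration; ownership (`chown root:wheel` in the post) is left to the caller.

```shell
#!/bin/sh
# Added example. Paths and names passed in are the caller's choice.

# make_demo_ca <out.pem>: constructed throwaway self-signed CA for trying this out.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# install_ca <ca.pem> <certdir>: copy the CA into certdir and create the
# <subject-hash>.<n> symlink OpenSSL uses for lookups. Prints the link name.
install_ca() {
    ca=$1; dir=$2
    # Refuse input that does not parse as a PEM certificate.
    openssl x509 -noout -in "$ca" 2>/dev/null || {
        echo "not a PEM certificate: $ca" >&2; return 1; }
    hash=$(openssl x509 -noout -hash -in "$ca") || return 1
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$ca") || return 1
    dest="$dir/$(basename "$ca")"
    # Skip the copy when an identical file is already in place.
    cmp -s "$ca" "$dest" || cp "$ca" "$dest" || return 1
    chmod 0644 "$dest" || return 1
    # Two CAs can share a subject hash; OpenSSL then tries .0, .1, ...
    # Reuse the slot holding this certificate, otherwise take the first free one.
    n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        cur=$(openssl x509 -noout -fingerprint -sha256 \
            -in "$dir/$hash.$n" 2>/dev/null) || cur=
        if [ "$cur" = "$fp" ]; then echo "$hash.$n"; return 0; fi
        n=$((n + 1))
    done
    # Relative link target, so the directory can be moved or mounted elsewhere.
    ln -s "$(basename "$dest")" "$dir/$hash.$n" || return 1
    echo "$hash.$n"
}

# verify_with_dir <cert.pem> <certdir>: succeeds only if OpenSSL can build a
# chain for cert using the hashed directory.
verify_with_dir() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}
```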
 