
puppet+nginx problems:OpenSSL: Error(20): unable to get local issuer certificate

Added by tao zhang almost 14 years ago

nginx :a01.nginx.com:10.10.235.111
client :client2.puppet.com:10.10.234.117
master :a01.server.puppet.com:10.10.235.113

On the client:
puppetd --test --server a01.nginx.com -d
debug: Using cached certificate for ca
debug: Using cached certificate for client2.puppet.com
debug: Finishing transaction -606084306
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for client2.puppet.com
debug: OpenSSL: Error(20): unable to get local issuer certificate
debug: OpenSSL: Cert: /CN=a01.nginx.com

On the master:
puppetca --print client2.puppet.com
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10 (0xa)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=a01.server.puppet.com
Validity
Not Before: Oct 5 15:33:03 2010 GMT
Not After : Oct 4 15:33:03 2015 GMT
Subject: CN=client2.puppet.com

nginx.conf

# Global settings for the nginx instance that fronts the Puppet master.
# Worker processes run as user "daemon", group "daemon".
user daemon daemon;
#user nobody;
worker_processes 2;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
# Messages at "notice" severity and above go to a dedicated file; this is the
# proxy-side log to compare against the agent's debug output.
error_log /var/log/nginx-puppet.log notice;
pid /var/run/nginx-puppet.pid;

#pid logs/nginx.pid;

# Connection handling: epoll event method, up to 1024 connections per worker.
events {
use epoll;
worker_connections 1024;
}

# TLS-terminating reverse proxy: agents connect to this host on 8140 over TLS,
# and requests are forwarded to the backend in the upstream block below.
http {
sendfile on;
tcp_nopush on;

keepalive_timeout  300;
tcp_nodelay on;
# Backend pool with a single member; 10.10.235.113 is the address the post
# lists for the Puppet master.
upstream server.puppet.yoqoo{
server 10.10.235.113:8140;
}
server {
listen 8140;
ssl on;
ssl_session_timeout 5m;
# Certificate and key this proxy presents to agents.
# NOTE(review): the agent log in this post reports Error(20) against
# /CN=a01.nginx.com, which suggests the agent could not chain this
# certificate to its cached CA. Confirm this file was issued by the same CA
# that signed the agent certificates (Issuer CN=a01.server.puppet.com in the
# puppetca output) and that its subject matches the name passed to --server.
ssl_certificate /etc/puppet/ssl/certs/a01.nginx.yoqoo.pem;
ssl_certificate_key /etc/puppet/ssl/private_keys/a01.nginx.yoqoo.pem;
# CA certificate used to verify certificates presented by agents.
# NOTE(review): nginx and the master are on different hosts in this setup;
# verify this is the master's CA certificate and not a CA generated locally.
# No ssl_crl directive is set in this block, so certificate revocation is not
# checked at the proxy.
ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem;
# "optional" requests a client certificate and verifies it when one is sent.
# A request with no client certificate is still proxied, with
# $ssl_client_verify set to NONE, so the backend must make its authorization
# decision from the X-Client-Verify header set below.
ssl_verify_client optional;
location / {
# The proxy-to-backend hop is plain HTTP: the headers below are the only
# client-identity evidence the backend receives. The backend port should
# accept connections only from this proxy, otherwise these headers can be
# supplied by anyone who can reach it directly.
proxy_pass http://server.puppet.yoqoo;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Result of client-certificate verification plus the subject and issuer DNs
# of the presented certificate. Setting them here replaces any header of the
# same name sent by the client.
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
# Buffer sizes and the read timeout (seconds) for responses from the backend.
proxy_buffer_size 16k;
proxy_buffers 8 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_read_timeout 65;
}
}#server end
}#http end

Please help me! Thank you very much!


Replies (1)
