External CA configuration with puppet agent

Question

I am trying to configure the puppetserver and agent to use external CA with - Root self-signed CA & Master,Agent having its own ssl certificate

Configurations in puppetserver:

/etc/puppetlabs/puppetserver/bootstrap.cfg

# To enable the CA service, leave the following line uncommented
# puppetlabs.services.ca.certificate-authority-service/certificate-authority-service
# To disable the CA service, comment out the above line and uncomment the line below
puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service

/etc/puppetlabs/puppetserver/conf.d/webserver.conf

ssl-cert    : /usr/cachelogic/var/device-pki/dev_cert.pem
ssl-key     : /usr/cachelogic/var/device-pki/dev_key.pem
ssl-ca-cert : /usr/cachelogic/var/device-pki/CAcert.pem
ssl-crl-path : /etc/puppetlabs/puppet/ssl/crl.pem

puppetserver service was started successfully.

Configurations in puppet agent:

/etc/puppetlabs/puppet/puppet.conf

hostcert = /usr/cachelogic/var/device-pki/dev_cert.pem 
hostprivkey = /usr/cachelogic/var/device-pki/dev_key.pem 
localcacert = /usr/cachelogic/var/device-pki/CAcert.pem

While starting the puppet agent following this the error message that I get.

Debug: Using cached certificate for ca
Debug: Creating new connection for https://cp3.zzz152d1.cdn:8140
Debug: Using cached certificate for ca
Error: Could not run: stack level too deep
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:63

Any pointers on debugging this issue will be helpful. Thanks.

Honestly, if you are doing something like an external CA, then your company probably needs Puppet Enterprise. That contract includes support for stuff like this. — Matthew Schuchard, Jun 17 '16 at 17:26
Using --trace gives a extra line `/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:63` which I have already updated. — Praveen, Jun 20 '16 at 16:21

External CA configuration with puppet agent

0 Answers0