puppet 代理请求错误:SSL_connect SYSCALL 返回=5 errno=0 state=SSLv3/TLS write client hello

编程问答 2022-06-01

问题描述

我在 gcp(谷歌云计算)VM 上创建了一个新的 puppetserver(6.19),但由于 SSL 错误,我无法将代理 (6.19) 连接到 puppetserver:

Error: Request to https://[server name]:8140/puppet-ca/v1/certificate/ca Failed after 17.391 seconds: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3/TLS write client hello
Error: Could not run: Request to https://[server-name]:8140/puppet-ca/v1/certificate/ca Failed after 17.391 seconds: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3/TLS write client hello

我个人笔记本电脑上的另一个 puppetserver 安装工作正常(使用相同的代理)。

顺便说一句,尝试 openssl 命令返回错误: 命令:

sudo openssl s_client -connect <server name>:8140 --servername harel-rp --showcerts

回复

CONNECTED(00000003)
depth=0 CN = <server name>
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = <server name>
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = <server name>
   i:CN = Puppet CA: <server name>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=CN = <server name>

issuer=CN = Puppet CA: <server name>

---
Acceptable client certificate CA names
CN = Puppet CA: <server name>
Client Certificate Types: ECDSA sign,RSA sign,DSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: DH,2048 bits
---
SSL handshake has read 2967 bytes and written 670 bytes
Verification error: unable to verify the first certificate
---
New,TLSv1.2,Cipher is DHE-RSA-AES128-SHA256
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES128-SHA256
    Session-ID: 17DE7CA80C37F35923EB46646F340794429681FF15C1C8E784C3895016D1D0FE
    Session-ID-ctx:
    Master-Key: 93683CB5C33D7C0053FE3728FB8D89F4E9C02E1AB0AF47605E6C99D9E76FA60F40CA97DE1D5B2745F030F73AF9929F25
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1609315092
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: yes
---
closed

请帮忙 - 搜索网络没有帮助

谢谢, 哈雷尔

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

opensslopensslpuppetpuppetsslssl-certificate