Puppet Version: 7.8.0
Puppet Server Version: 7.2.0
I have RedHat el8 packages for puppet agent and puppet server installed on Fedora 32 and Fedora 34. The Fedora 32 installation works but the Fedora 34 doesn't.
Agents on client machines work as expected.
Connections fail with SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate unknown.
If I mount a Fedora 32 image and run puppetserver in a chroot environment it works even with /opt/puppetlabs, /etc/puppetlabs and /etc/syconfig/puppetserver bind mounted so that the puppet configuration is identical in the Fedora 34 and Fedora 32 imagesa nd because it is in a chroot environment, both cases use the same kernel and same network and services (like dns).
Adding -Djavax.net.debug=ssl -Djava.security.debug=access to JAVA_ARGS results in "java.security.cert.CertPathValidatorException: Could not determine revocation status", whereas for the Fedora 32 case, I get "Found trusted certificate:" at the same place.
I am using the traditional self signed certificate and for both cases the logs show:
adding as trusted cert:
Subject: CN=Puppet CA: puppet.beware.dropbear.id.au
Issuer: CN=Puppet CA: puppet.beware.dropbear.id.au
Algorithm: RSA; Serial number: 0x1
Valid from Mon Feb 12 23:22:49 ACDT 2018 until Sun Feb 12 23:22:49 ACDT 2023
and the keys are identical.
I have installed the Fedora 32 version of java 8 on Fedora 34 and it still doesn't work.