I feel your pain. SSL is tough and is probably the number one stumbling block for new users getting Puppet working in their environment. Hopefully this answer helps reduce frustration and get you up and running. The good news is, once it's set up right, you won't have to fiddle with it any more.
First, make sure the problem you're having is actually an SSL problem. Almost all of the SSL-related error messages on the client start with the string `SSL_connect` and then the error raised up by the underlying crypto libraries. General networking errors will not have this string, so normal network troubleshooting methodology applies; specifically, `Connection refused - connect(2)` means a TCP connection attempt got a RST packet indicating a firewall or puppet master not running, and `getaddrinfo: nodename nor servname provided, or not known` means the server's hostname (the value of `puppet agent --configprint server`) was not resolvable in DNS/hosts.
Next, assuming you do have an `SSL_connect` style error, it