Issue #11854 has been updated by Nan Liu.
I would first check and see if the cert on your agent matches the master fingerprint. If they do, the CRL might be misconfigured or disabled. Also the serial number should match the latest one in the inventory.txt vs. an earlier one. ---------------------------------------- Refactor #11854: "Puppet cert list --all" output is confusing when a certificate has been cleaned and a new certificate has been signed https://projects.puppetlabs.com/issues/11854 Author: Gonzalo Servat Status: Needs More Information Priority: Normal Assignee: Category: SSL Target version: Affected Puppet version: Keywords: Branch: When signing a certificate for a host, and subsequently cleaning it, if you then sign a new certificate for the same host, the output of "puppet cert list --all" will be: - [host] ([fingerprint]) (certificate revoked) So, according to this listing, the host appears to have its certificate revoked when, in fact, it's the OLD certificate that was revoked. It would be good to rework the output so that it shows something similar to: - [host] ([fingerprint]) (certificate revoked) - [host] ([fingerprint]) (certificate revoked) ... - [host] ([fingerprint]) (certificate revoked) + [host] ([fingerprint]) That way you can see all revoked certificates and the current signed certificate for the host. I can see that the listing could potentially get very long, so perhaps maybe just show the last revoked certificate? Your thoughts? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
