On Sat, Aug 20, 2011 at 2:47 PM, Brian Troutwine <[email protected]> wrote:
> On Sat, Aug 20, 2011 at 12:18 PM, Brian Troutwine <[email protected]> wrote:
>
>> On Sat, Aug 20, 2011 at 10:04 AM, Laurence Southon <
>> [email protected]> wrote:
>>
>>> On 20/08/11 01:13, Brian Troutwine wrote:
>>> > How do I actually revoke a faulty certificate?
>>>
>>> You can remove the client certificate entirely with:
>>>
>>> puppetca --clean apt.example.com
>>
>>
>> I overlooked that entirely. Thank you.
>>
>
> This does look like the flag I was looking for, however:
>
> # puppet cert --clean apt.example.com
> notice: Revoked certificate with serial # Inventory of signed certificates
> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
> 0x0001 2011-08-19T18:20:48GMT 2016-08-17T18:20:48GMT /CN=Puppet CA:
> puppet.example.com
> 0x0002 2011-08-19T18:20:48GMT 2016-08-17T18:20:48GMT /CN=
> puppet.example.com
> 0x0003 2011-08-19T18:21:46GMT 2016-08-17T18:21:46GMT /CN=
> gateway.example.com
>
> err: Could not call revoke: Cannot convert into OpenSSL::BN
>
>
> and on apt.example.com:
>
> # puppet agent --test --noop
> info: Creating a new SSL key for apt.example.com
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Creating a new SSL certificate request for apt.example.com
> info: Certificate Request fingerprint (md5):
> FB:05:0D:41:C8:46:3C:44:EE:AC:9D:48:4E:4A:CC:FB
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for apt.example.com
> err: Could not retrieve catalog from remote server: SSL_connect returned=1
> errno=0 state=SSLv3 read server certificate B: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
>

Similarly,

# puppet cert --list --all
+ apt.example.com (4C:FB:40:5B:9F:0F:CB:8B:78:57:78:D2:34:3F:8F:9B)
+ puppet.example.com (C5:37:33:6A:1D:AB:60:55:61:05:55:05:03:56:35:45)
# puppet cert --clean apt.example.com
notice: Revoked certificate with serial 3
notice: Removing file Puppet::SSL::Certificate apt.example.com at '/var/lib/puppet/ssl/ca/signed/apt.example.com.pem'
notice: Removing file Puppet::SSL::Certificate apt.example.com at '/var/lib/puppet/ssl/certs/apt.example.com.pem'

but then,

# puppet agent --test --noop
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Mind you, apt is a virgin computer each time. Things that the error message doesn't tell me:

* Which certificate failed,
* why it failed in the context of puppet (not raw ssl jargon) and
* what I should do to remedy the problem.

> A new one will then be generated next time you connect.
>>>
>>> LS
>>> --
>>> Laurence Southon
>>> Tiger Computing, Bexley
>>> www.tiger-computing.co.uk
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to [email protected].
>>> To unsubscribe from this group, send email to
>>> [email protected].
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>> --
>> Brian L. Troutwine
>>
>
> --
> Brian L. Troutwine
>

--
Brian L. Troutwine
