That's normal behavior, because the client still retains the cert and it's still signed with your puppet CA and therefor trusted.
You may want to scrutinize the CRL file, perhaps it's not used properly. Also try and find out if puppet cert revoke works better than pupet cert clean wrt. the CRL. HTH, Felix On 12/06/2013 01:44 PM, kaustubh chaudhari wrote: > once i remove the cert with puppet agent clean! I dont see its > certificate in the puppet cert list -all > > However, agent can still run the catalog! this is what worries me!! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A1CBCF.9050007%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.