On 31/03/14 08:48, Spencer Krum wrote:
The puppetmaster doing catalog compilation, puppetmaster-client in your case, does verify that the client cert is not in the CRL. However, you have to help it out a bit. For one, you need the puppetmaster-client to get the most recent CRL from the puppetmaster (the CA server) on a regular basis, often you can do this by running puppetmaster-client in agent mode against puppetmaster, but you could also have a cron job to sync the files. For two, in some cases you need to restart apache in order to re-read the CRL.
Running `puppet agent` on puppetmaster-client worked, thanks. And yep, after that I needed to restart the puppetmaster daemon on that server.
Thanks again. -- Postgresql & php tutorials http://www.designmagick.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5338AE74.2020009%40gmail.com. For more options, visit https://groups.google.com/d/optout.
