Hi Fabrice, > On 05 Apr 2017, at 17:02, Fabrice Bacchella <[email protected]> > wrote: > > One more problem, since puppet certificate --ca-location remote destroy does > nothing, what is the whole point of puppet certificate ? A puppet generate > for the same host fails because it already exist, So I can't use it to > remotely manage the puppet's PKI. It undermine the whole point of the command.
Have you tried puppet cert clean <certname> ? This command is usually used to get rid of old certificates. > > > >> Le 5 avr. 2017 à 15:58, Fabrice Bacchella <[email protected]> a >> écrit : >> >> I'm playing with the "puppet certificate" command. >> >> But when I run "puppet certificate --ca-location remote list" >> >> I see in the log: >> >> 10.83.16.17 - - [05/Apr/2017:15:52:46 +0200] "GET >> /puppet-ca/v1/certificate_statuss/*?environment=production&for=certificate_request >> HTTP/1.1" 404 9 "-" "Puppet/4.9.4 Ruby/2.1.9-p490 (x86_64-linux)" 38 >> >> certificate_statuss ? Really ? >> >> Because meanwhile, "puppet certificate --ca-location remote sign webtester" >> generated: >> 10.83.16.17 - - [05/Apr/2017:15:51:47 +0200] "PUT >> /puppet-ca/v1/certificate_status/webtester?environment=production& HTTP/1.1" >> 204 0 "-" "Puppet/4.9.4 Ruby/2.1.9-p490 (x86_64-linux)" 467 >> >> That's better I think. >> >> And "puppet certificate --ca-location remote destroy webtester" >> >> generated >> 10.83.16.17 - - [05/Apr/2017:15:56:32 +0200] "DELETE >> /puppet-ca/v1/certificate/webtester?environment=production& HTTP/1.1" 403 >> 112 "-" "Puppet/4.9.4 Ruby/2.1.9-p490 (x86_64-linux)" 15 >> >> I'm surprise similar command talks to different URL. It's not easy to track >> them in auth.conf. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/1B695C3B-2DE2-464B-A344-A069065D212E%40orange.fr. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/1C3F185C-1387-4C98-B4F2-6157B73E244B%40orange.fr. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/E9BDC0B5-B92D-46C0-9617-42A7D83B4200%40gmail.com. For more options, visit https://groups.google.com/d/optout.
