Thank you Martin, still running into problems. I must not be using the correct certificate, most likely.
Appreciate the response.

On Thursday, August 17, 2017 at 10:00:42 AM UTC-5, Martin Alfke wrote:
>
> > On 17 Aug 2017, at 14:23, Jason McMahan <[email protected]> wrote:
> >
> > Good morning,
> > We installed a puppet agent on our Citrix mgmt servers.
> > The problem became that the way it is done a golden image is used, server_dev. Once sealed that spins off multiple other servers for stage and prod environments.
> >
> > We want to know about the servers, ensure they are in configuration and not drifting between rebuilds and keep reports for a history on them.
> >
> > The idea was to once they are done stop the service (not disable), delete the ssl directory, then revoke and delete the cert on the puppetca.
> >
> > Has anyone else attempted to revoke and delete cert remotely from the puppetca?
> >
> > We are attempting a curl command like
> > curl -X DELETE --tlsv1 --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem --cert /etc/puppetlabs/puppet/ssl/certs/server.pem --key /etc/puppetlabs/puppet/ssl/private_keys/server.pem -H "Accept: application/json" -H "Content-Type: application/json" -d '{"desired_state":"revoked"}' https://puppetcat:8140/puppet-ca/v1/certificate_status/server?environment=production
> >
> > But every time we get forbidden 403 whether running curl command from remote server or even the puppetca itself.
> > Attempted to add IP to /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf as well as /etc/puppetlabs/puppetserver/conf.d/ca.conf but still same error.
>
> You must allow access to puppet ca api via auth.conf
>
> Check the following links:
> https://docs.puppet.com/puppet/5.0/config_file_auth.html
> https://docs.puppet.com/puppetserver/latest/config_file_auth.html
>
> hth,
> Martin
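The kind of Puppet Server auth.conf rule the quoted reply points to, as an added example that is not part of the original thread or taken from either poster's configuration. The certname `ops-admin.example.com`, the rule name and the sort-order value are hypothetical, and the file location assumes the same conf.d directory mentioned in the thread.

```hocon
# /etc/puppetlabs/puppetserver/conf.d/auth.conf
# Added example: grants one named client certificate access to the CA
# certificate_status endpoint. All values marked hypothetical are assumptions.
authorization: {
    version: 1
    rules: [
        {
            # Prefix match, so it covers
            # /puppet-ca/v1/certificate_status/<certname>
            match-request: {
                path: "/puppet-ca/v1/certificate_status"
                type: path
                # get    = read status
                # put    = change state, e.g. {"desired_state":"revoked"}
                # delete = remove the certificate from the CA
                method: [get, put, delete]
            }
            # Matched against the name in the client certificate presented
            # with the request (curl's --cert/--key pair), not against the
            # caller's IP address.
            # ops-admin.example.com is a hypothetical certname.
            allow: "ops-admin.example.com"
            # Rules are evaluated in ascending sort-order; 200 is a
            # hypothetical value chosen to sort ahead of a rule at 500.
            sort-order: 200
            # Rule names must be unique within the file (hypothetical name).
            name: "example cert status for admin host"
        }
        # Keep the file's existing rules after this one.
    ]
}
```

Puppet Server has to be restarted or reloaded before a change to auth.conf takes effect. Keep the `allow` list to the single administrative certname that needs it, since any client matching this rule can revoke or delete certificates on the CA.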
