Hi,
Usually you can do the cert management via Foreman web interface.
If CLI is not working, please check that your Puppet 6 Master has a cert
extension.
If this is missing you can check our blog posting:
https://blog.example42.com/2018/10/08/puppet6-ca-upgrading/
<https://blog.example42.com/2018/10/08/puppet6-ca-upgrading/>
Best,
Martin
> On 25. Aug 2020, at 00:32, damien...@gmail.com <damien.el...@gmail.com> wrote:
>
> Hello,
>
> I have just finished installing a Puppet / Foreman / PuppetDB stack. Here is
> the details :
>
> OS : Centos 8.2
>
> Puppetserver version : 6.12.1
>
> PuppetDB version : 6.11.2
>
> Puppet agent version : 6.17.0
>
> Foreman version : 2.1
>
> I have the PuppetCA and Foreman on one host, the Puppetmaster on a second one
> and the PuppetDB on a third one. I used Foreman-installer to install
> everything except the PuppetDB.
>
> It took me quite some time but it seems to be working fine except for one
> thing, I can't manage the nodes certificates because the following command
> gives me a 404 error (I run it on the PuppetCA/Foreman host) :
>
> > puppetserver ca list --all
> Error:
> code: 404
> body: {
> "message":"Not Found",
> "url":"/puppet-ca/v1/certificate_statuses/any_key",
> "status":"404"
> }
> No certificates to list
> I did set up the autosign with my servers domain name, so the new nodes get
> their certificate request correctly signed, they get their catalogs, I see
> them in Foreman etc...
>
> > ls -l /etc/puppetlabs/puppet/ssl/ca/signed/
> total 44
> drwxr-x---. 2 puppet puppet 4096 Aug 24 18:01 .
> drwxr-x---. 4 puppet puppet 232 Aug 24 18:35 ..
> -rw-r--r--. 1 puppet puppet 1960 Aug 24 18:01 host1.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 24 16:45 host2.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:39 host3.domain.local.pem
> -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:42 host4.domain.local.pem
> But I need to revoke and renew some of these certificates so for the moment,
> I am blocked.
>
> I don't know where to look, any help would be appreciated ^^
>
> Thanks
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com
> <mailto:puppet-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/C18CBE52-D96A-45F9-BF6D-46756A89A90E%40gmail.com.
