It might be linked to that: https://tickets.puppetlabs.com/browse/PUP-7452

> On 23 August 2017 at 20:16, Jason McMahan <[email protected]> wrote:
>
> Thank you Martin,
> Still running into problems.
>
> I must not be using correct certificate most likely.
>
> Appreciate the response.
>
> On Thursday, August 17, 2017 at 10:00:42 AM UTC-5, Martin Alfke wrote:
>
> > On 17 Aug 2017, at 14:23, Jason McMahan <[email protected]> wrote:
> >
> > Good morning,
> > We installed a puppet agent on our citrix mgmt servers.
> > The problem became that the way it is done a golden image is used,
> > server_dev. Once sealed that spins off multiple other servers for stage and
> > prod environments.
> >
> > We want to know about the servers, ensure they are in configuration and not
> > drifting between rebuilds and keep reports for a history on them.
> >
> > The idea was to once they are done stop the service (not disable), delete
> > the ssl directory, then revoke and delete the cert on the puppetca.
> >
> > Has anyone else attempted to revoke and delete cert remotely from the
> > puppetca?
> >
> > We are attempting a curl command like
> > curl -X DELETE --tlsv1 \
> >   --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
> >   --cert /etc/puppetlabs/puppet/ssl/certs/server.pem \
> >   --key /etc/puppetlabs/puppet/ssl/private_keys/server.pem \
> >   -H "Accept: application/json" -H "Content-Type: application/json" \
> >   -d '{"desired_state":"revoked"}' \
> >   https://puppetcat:8140/puppet-ca/v1/certificate_status/server?environment=production
> >
> > But every time we get forbidden 403 whether running curl command from remote
> > server or even the puppetca itself.
> > Attempted to add ip to
> > /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf as well as
> > /etc/puppetlabs/puppetserver/conf.d/ca.conf but still same error.
>
> You must allow access to puppet ca api via auth.conf
>
> Check the following links:
> https://docs.puppet.com/puppet/5.0/config_file_auth.html
> https://docs.puppet.com/puppetserver/latest/config_file_auth.html
>
> hth,
> Martin
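
Added example, not part of the original thread and not Puppet's shipped configuration: a rule for Puppet Server's HOCON `auth.conf` (the format documented at the second link above) that grants the CA `certificate_status` endpoint to one named client certificate. The certname `citrix-admin.example.com` and the rule name are constructed placeholders; the assumption is that the certificate passed to curl with `--cert` was issued under that certname.

```hocon
authorization: {
    version: 1
    rules: [
        {
            # Covers /puppet-ca/v1/certificate_status/<certname>, the
            # endpoint the curl command in the thread calls.
            match-request: {
                path: "/puppet-ca/v1/certificate_status"
                type: path
                # put sets desired_state (for example "revoked"),
                # delete removes the stored certificate, get reads status.
                method: [get, put, delete]
            }
            # Constructed placeholder: the certname (subject CN) of the
            # one client certificate allowed to manage other nodes' certs.
            allow: "citrix-admin.example.com"
            # Keep this narrow. allow: "*" or allow-unauthenticated: true
            # on this path would let any client revoke or delete any
            # node's certificate.
            # A lower sort-order is evaluated first, so this rule is
            # checked before a default rule on the same path.
            sort-order: 200
            name: "example: remote cert cleanup"
        }
        # The other rules already present in the file stay unchanged.
    ]
}
```

Puppet Server has to be restarted or reloaded before a change to this file takes effect.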
