Hi, Usually you can do the cert management via Foreman web interface. If CLI is not working, please check that your Puppet 6 Master has a cert extension. If this is missing you can check our blog posting: https://blog.example42.com/2018/10/08/puppet6-ca-upgrading/ <https://blog.example42.com/2018/10/08/puppet6-ca-upgrading/>
Best, Martin > On 25. Aug 2020, at 00:32, [email protected] <[email protected]> wrote: > > Hello, > > I have just finished installing a Puppet / Foreman / PuppetDB stack. Here is > the details : > > OS : Centos 8.2 > > Puppetserver version : 6.12.1 > > PuppetDB version : 6.11.2 > > Puppet agent version : 6.17.0 > > Foreman version : 2.1 > > I have the PuppetCA and Foreman on one host, the Puppetmaster on a second one > and the PuppetDB on a third one. I used Foreman-installer to install > everything except the PuppetDB. > > It took me quite some time but it seems to be working fine except for one > thing, I can't manage the nodes certificates because the following command > gives me a 404 error (I run it on the PuppetCA/Foreman host) : > > > puppetserver ca list --all > Error: > code: 404 > body: { > "message":"Not Found", > "url":"/puppet-ca/v1/certificate_statuses/any_key", > "status":"404" > } > No certificates to list > I did set up the autosign with my servers domain name, so the new nodes get > their certificate request correctly signed, they get their catalogs, I see > them in Foreman etc... > > > ls -l /etc/puppetlabs/puppet/ssl/ca/signed/ > total 44 > drwxr-x---. 2 puppet puppet 4096 Aug 24 18:01 . > drwxr-x---. 4 puppet puppet 232 Aug 24 18:35 .. > -rw-r--r--. 1 puppet puppet 1960 Aug 24 18:01 host1.domain.local.pem > -rw-r--r--. 1 puppet puppet 1968 Aug 24 16:45 host2.domain.local.pem > -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:39 host3.domain.local.pem > -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:42 host4.domain.local.pem > But I need to revoke and renew some of these certificates so for the moment, > I am blocked. > > I don't know where to look, any help would be appreciated ^^ > > Thanks > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com > > <https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/C18CBE52-D96A-45F9-BF6D-46756A89A90E%40gmail.com.
