Actually, I was missing the "ca_server" parameter in the "main" section of the machine that hosts Foreman and the PuppetCA. I used the hostname of the server for the value and the "puppetserver ca" command worked.
I didn't know that certs could be managed via the Foreman web interface, do you know if there is something about this in the Foreman documentation ? Le mer. 26 août 2020 à 08:43, Martin Alfke <[email protected]> a écrit : > Hi, > > Usually you can do the cert management via Foreman web interface. > If CLI is not working, please check that your Puppet 6 Master has a cert > extension. > If this is missing you can check our blog posting: > https://blog.example42.com/2018/10/08/puppet6-ca-upgrading/ > > Best, > Martin > > On 25. Aug 2020, at 00:32, [email protected] <[email protected]> > wrote: > > Hello, > > I have just finished installing a Puppet / Foreman / PuppetDB stack. Here > is the details : > > OS : Centos 8.2 > > Puppetserver version : 6.12.1 > > PuppetDB version : 6.11.2 > > Puppet agent version : 6.17.0 > > Foreman version : 2.1 > > I have the PuppetCA and Foreman on one host, the Puppetmaster on a second > one and the PuppetDB on a third one. I used Foreman-installer to install > everything except the PuppetDB. > > It took me quite some time but it seems to be working fine except for one > thing, I can't manage the nodes certificates because the following command > gives me a 404 error (I run it on the PuppetCA/Foreman host) : > > puppetserver ca list --all > Error: > code: 404 > body: { > "message":"Not Found", > "url":"/puppet-ca/v1/certificate_statuses/any_key", > "status":"404" > } > No certificates to list > > I did set up the autosign with my servers domain name, so the new nodes > get their certificate request correctly signed, they get their catalogs, I > see them in Foreman etc... > > ls -l /etc/puppetlabs/puppet/ssl/ca/signed/ > total 44 > drwxr-x---. 2 puppet puppet 4096 Aug 24 18:01 . > drwxr-x---. 4 puppet puppet 232 Aug 24 18:35 .. > -rw-r--r--. 1 puppet puppet 1960 Aug 24 18:01 host1.domain.local.pem > -rw-r--r--. 1 puppet puppet 1968 Aug 24 16:45 host2.domain.local.pem > -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:39 host3.domain.local.pem > -rw-r--r--. 1 puppet puppet 1968 Aug 23 11:42 host4.domain.local.pem > > But I need to revoke and renew some of these certificates so for the > moment, I am blocked. > > I don't know where to look, any help would be appreciated ^^ > > Thanks > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/68084f23-4154-45c1-b808-c67249ad1770n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/C18CBE52-D96A-45F9-BF6D-46756A89A90E%40gmail.com > <https://groups.google.com/d/msgid/puppet-users/C18CBE52-D96A-45F9-BF6D-46756A89A90E%40gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJnvW0%2BYu1Vmzpi1Ff%3D_GBPvi3TEDLLtqHCp9AtFhJtyz%2BH0Gg%40mail.gmail.com.
