On Wed, 21 Apr 2010, Jewels wrote:
> puppetca --revoke hostname
> puppetca --clean hostname

You added the old cert's serial number to a revocation list, and then removed the cert from puppetca. The cert might or might not still exist on the client.

> On client re-issue puppetd --server puppet --waitforcert 30 --test
>
> Error is :
>
> err: Could not retrieve catalog: Certificates were not trusted: sslv3
> alert certificate revoked

OK, the cert did still exist on the client; the client puppetd tried to use it, the server noticed that its serial number was in the revocation list, and the server refused to do anything more.

> So how do I get rid of it? I can't find a cert anywhere with either a
> valid cert or revoked.. Did I do this wrong? How do you remove and
> re-add a host?

Stop puppetd, and rm -rf /etc/puppet/ssl on the client. Next time you start puppetd, it will generate a new key for itself, generate a new certificate signing request for that key, and send the request to the server.

--apb (Alan Barrett)
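The serial-number check described in the reply above, as an added example that is not part of the original message: the old certificate's serial appears in the CRL, while a certificate issued from a fresh key and CSR gets a new serial that does not. It uses a throwaway OpenSSL CA built in a temporary directory (constructed, not Puppet's CA); `make_demo`, `issue` and `cert_is_revoked` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: constructed throwaway OpenSSL CA, not a Puppet CA.

issue() {  # $1 = CA dir, $2 = name: new key + CSR, signed by the demo CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=hostname.example" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl ca -batch -notext -config "$1/ca.cnf" \
    -in "$1/$2.csr" -out "$1/$2.pem" 2>/dev/null
}

make_demo() {  # $1 = empty directory to build the demo CA in
  d=$1
  mkdir -p "$d/newcerts" && : > "$d/index.txt"
  echo 01 > "$d/serial"; echo 01 > "$d/crlnumber"
  cat > "$d/ca.cnf" <<EOF
[ca]
default_ca = demo
[demo]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
crlnumber = $d/crlnumber
certificate = $d/ca.pem
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
unique_subject = no
policy = pol
[pol]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  issue "$d" host                                            # original cert
  openssl ca -config "$d/ca.cnf" -revoke "$d/host.pem" 2>/dev/null
  openssl ca -config "$d/ca.cnf" -gencrl -out "$d/crl.pem" 2>/dev/null
  issue "$d" host-new                  # client after its ssl dir was wiped
}

# Exit 0 if the serial of certificate $1 is listed in CRL $2, 1 if it is not.
cert_is_revoked() {
  serial=$(openssl x509 -noout -serial -in "$1" | cut -d= -f2)
  [ -n "$serial" ] || return 2
  openssl crl -noout -text -in "$2" | grep -q "Serial Number: ${serial}\$"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT && make_demo "$tmp"
for c in host host-new; do
  if cert_is_revoked "$tmp/$c.pem" "$tmp/crl.pem"
  then echo "$c.pem: serial is in the CRL"; else echo "$c.pem: not revoked"; fi
done
```

On a real deployment the same function can be pointed at the certificate still present on the client and the CA's current CRL to confirm why the server rejects the connection.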