Hi Danny, look into puppet auth.conf You need to allow the requesting server access to certificate_status.
hth, Martin On 22 Jul 2014, at 22:20, Danny Roberts <dannyroberts.perso...@googlemail.com> wrote: > I'm trying to use the Puppet API in our monitoring to check for and alert on > any unsigned certificates that might be waiting in Puppet. > > As per http://docs.puppetlabs.com/guides/rest_api.html#certificate-status I > should be able to use something like: > > curl --cert /var/lib/puppet/ssl/certs/sql2.ourcompany.com.pem --key > /var/lib/puppet/ssl/private_keys/sql2.ourcompany.com.pem --cacert > /var/lib/puppet/ssl/certs/ca.pem -H 'Accept: pson' > https://puppet.ourcompanyhosting.co.uk:8140/production/certificate_statuses/no_key > > However that errors: > > Forbidden request: sql2.ourcompany.com(xx.xxx.xxx.xx) access to > /certificate_status/no_key [search] authenticated at :119 > > As far as I can see I should only be getting this response if I am not > providing the required SSL certs. However as this is not the case I am at a > loss. > > Any ideas what is causing the issue? If this information can be pruned from > PuppetDB instead I'd be happy to use that instead as we already have a > PuppetDB instance running (I had a look through the PuppetDB API and could > not see anything that did this). > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/2253d597-7be6-42c3-bed3-bfd1b3851b36%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/76FFBE30-20DA-4664-9F9F-22404B49510D%40gmail.com. For more options, visit https://groups.google.com/d/optout.
