Because of government requirements, I have implemented Puppet Server using the certificate created on an external CA. When the puppet server is initialized with the public certificate of the root CA, the certificate from the root CA issued to the puppet server and the CRL of the root CA, the puppet server seems fine. However, when the root CRL expires, the puppet agent service on the puppet server reports that the CRL is expired and all puppetserver ca commands fail. I have attempted to update the various .pem files associated with CRL on the puppet server, but the 'CRL has expired' error will not go away. The root CRL is issued every 4 hours. What is the process of updating the CRL for an external CA when you have the puppet server setup to be an intermediate CA?
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/161b2536-0926-4735-83c6-8106c1d84993o%40googlegroups.com.
