Hello,
I want to know how to resign old signed certificate on puppet master when
agents rebuild OS and request CSR.
I have over 200 workstations rebuilding frequently, so it is not effect to
clean agents' certificate manually on puppet master before kicstarting
agents.
Puppet master and ag
Alternately, running the puppetca clean before starting the new client will
result in the standard unsigned behavior.
(I do think its pretty broken that trying once with the wrong cert poisons
the client - if it is an attack, they can just wipe the client cert again,
and if it isn't - eg in your c
On 03/08/2011 12:00 PM, Patrick Cervicek wrote:
> Is there a way to force the puppetmaster to resign certificates for
> existing certificates when a new CSR for the same hostname arrives?
>
> When we reinstall freshly formatted clients with puppet (with the same
> hostname) the puppet client compl
Is there a way to force the puppetmaster to resign certificates for
existing certificates when a new CSR for the same hostname arrives?
When we reinstall freshly formatted clients with puppet (with the
same hostname) the puppet client complains:
err: Could not request certificate: Retrieved
