Hi, I''ve got some certificate requests on my puppet master that I wish to remove. It looks like the "puppet cert" tool doesn''t have an option for doing that? What''s the best approach, just manually remove them from the puppet/ssl/ca/requests directory? Tim. -- Tim Bishop http://www.bishnet.net/tim/ PGP Key: 0x5AE7D984 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Does puppet cert clean not do it? On Friday, December 14, 2012 9:43:12 AM UTC-8, Tim Bishop wrote:> > Hi, > > I''ve got some certificate requests on my puppet master that I wish to > remove. It looks like the "puppet cert" tool doesn''t have an option for > doing that? What''s the best approach, just manually remove them from the > puppet/ssl/ca/requests directory? > > Tim. > > -- > Tim Bishop > http://www.bishnet.net/tim/ > PGP Key: 0x5AE7D984 >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/e1VMHaXf9msJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nope: puppetmaster# puppet cert list "fb311ff01c6f0130b650005056bc6664" (SHA256) FB:E2:F1:86:5D:80:74:25:35:75:3D:09:8F:1E:41:0B:15:D2:66:01:F2:F1:B3:4E:6D:5B:F9:85:4B:BC:AC:28 puppetmaster# puppet cert clean fb311ff01c6f0130b650005056bc6664 Error: Could not find a serial number for fb311ff01c6f0130b650005056bc6664 Looks like it only cleans signed certificates, not requests. Tim. On Fri, Dec 14, 2012 at 10:33:30AM -0800, Ellison Marks wrote:> Does puppet cert clean not do it? > > On Friday, December 14, 2012 9:43:12 AM UTC-8, Tim Bishop wrote: > > I''ve got some certificate requests on my puppet master that I wish > > to remove. It looks like the "puppet cert" tool doesn''t have an > > option for doing that? What''s the best approach, just manually > > remove them from the puppet/ssl/ca/requests directory?-- Tim Bishop http://www.bishnet.net/tim/ PGP Key: 0x5AE7D984 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
You might try puppet cert print to get more info about the thing, but out of curiosity, how did it get on your master in the first place? On Friday, December 14, 2012 1:14:54 PM UTC-8, Tim Bishop wrote:> > Nope: > > puppetmaster# puppet cert list > "fb311ff01c6f0130b650005056bc6664" (SHA256) > FB:E2:F1:86:5D:80:74:25:35:75:3D:09:8F:1E:41:0B:15:D2:66:01:F2:F1:B3:4E:6D:5B:F9:85:4B:BC:AC:28 > > > puppetmaster# puppet cert clean fb311ff01c6f0130b650005056bc6664 > Error: Could not find a serial number for fb311ff01c6f0130b650005056bc6664 > > Looks like it only cleans signed certificates, not requests. > > Tim. > > On Fri, Dec 14, 2012 at 10:33:30AM -0800, Ellison Marks wrote: > > Does puppet cert clean not do it? > > > > On Friday, December 14, 2012 9:43:12 AM UTC-8, Tim Bishop wrote: > > > I''ve got some certificate requests on my puppet master that I wish > > > to remove. It looks like the "puppet cert" tool doesn''t have an > > > option for doing that? What''s the best approach, just manually > > > remove them from the puppet/ssl/ca/requests directory? > > -- > Tim Bishop > http://www.bishnet.net/tim/ > PGP Key: 0x5AE7D984 >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/NQ1uGMrGGNwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I''ve been testing Razor and ended up with a bunch of requests from test machines that I didn''t sign and didn''t need any more. "puppet cert print" again fails because there''s no certificate, only a request. Anyway, to answer my own question, I just needed to remove the requests from the puppet/ssl/ca/requests directory. Tim. On Fri, Dec 14, 2012 at 04:53:42PM -0800, Ellison Marks wrote:> You might try puppet cert print to get more info about the thing, but > out of curiosity, how did it get on your master in the first place? > > On Friday, December 14, 2012 1:14:54 PM UTC-8, Tim Bishop wrote: > > Nope: > > > > puppetmaster# puppet cert list > > "fb311ff01c6f0130b650005056bc6664" (SHA256) FB:E2:F1:86:5D:80:74:25:35:75:3D:09:8F:1E:41:0B:15:D2:66:01:F2:F1:B3:4E:6D:5B:F9:85:4B:BC:AC:28 > > > > puppetmaster# puppet cert clean fb311ff01c6f0130b650005056bc6664 > > Error: Could not find a serial number for fb311ff01c6f0130b650005056bc6664 > > > > Looks like it only cleans signed certificates, not requests. > > > > On Fri, Dec 14, 2012 at 10:33:30AM -0800, Ellison Marks wrote: > > > Does puppet cert clean not do it? > > > > > > On Friday, December 14, 2012 9:43:12 AM UTC-8, Tim Bishop wrote: > > > > I''ve got some certificate requests on my puppet master that I > > > > wish to remove. It looks like the "puppet cert" tool doesn''t > > > > have an option for doing that? What''s the best approach, just > > > > manually remove them from the puppet/ssl/ca/requests directory?-- Tim Bishop http://www.bishnet.net/tim/ PGP Key: 0x5AE7D984 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Fri, 2012-12-14 at 21:14 +0000, Tim Bishop wrote:> Nope: > > puppetmaster# puppet cert list > "fb311ff01c6f0130b650005056bc6664" (SHA256) FB:E2:F1:86:5D:80:74:25:35:75:3D:09:8F:1E:41:0B:15:D2:66:01:F2:F1:B3:4E:6D:5B:F9:85:4B:BC:AC:28 > > puppetmaster# puppet cert clean fb311ff01c6f0130b650005056bc6664 > Error: Could not find a serial number for fb311ff01c6f0130b650005056bc6664 > > Looks like it only cleans signed certificates, not requests.I think this is actually a bug, has any one reported it on the issue tracking system yet? ''puppet cert clean'' used to work to clean unsigned certificates in puppet 2.7, but no longer does in 3.0 -- Calvin Walton <calvin.walton@kepstin.ca> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi. A workaround that does the job: puppetmaster# puppet cert sign fb311ff01c6f0130b650005056bc6664 ; puppet cert clean fb311ff01c6f0130b650005056bc6664 -- Jan Møller Den fredag den 21. december 2012 21.59.49 UTC+1 skrev Calvin Walton:> > On Fri, 2012-12-14 at 21:14 +0000, Tim Bishop wrote: > > Nope: > > > > puppetmaster# puppet cert list > > "fb311ff01c6f0130b650005056bc6664" (SHA256) > FB:E2:F1:86:5D:80:74:25:35:75:3D:09:8F:1E:41:0B:15:D2:66:01:F2:F1:B3:4E:6D:5B:F9:85:4B:BC:AC:28 > > > > > puppetmaster# puppet cert clean fb311ff01c6f0130b650005056bc6664 > > Error: Could not find a serial number for > fb311ff01c6f0130b650005056bc6664 > > > > Looks like it only cleans signed certificates, not requests. > > I think this is actually a bug, has any one reported it on the issue > tracking system yet? > > ''puppet cert clean'' used to work to clean unsigned certificates in > puppet 2.7, but no longer does in 3.0 > > -- > Calvin Walton <calvin...@kepstin.ca <javascript:>> > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.