I'm trying to use the Puppet API in our monitoring to check for and alert on any unsigned certificates that might be waiting in Puppet. As per http://docs.puppetlabs.com/guides/rest_api.html#certificate-status I should be able to use something like: curl --cert /var/lib/puppet/ssl/certs/sql2.ourcompany.com.pem --key /var/lib/puppet/ssl/private_keys/sql2.ourcompany.com.pem --cacert /var/lib/puppet/ssl/certs/ca.pem -H 'Accept: pson' https://puppet.ourcompanyhosting.co.uk:8140/production/certificate_statuses/no_key However that errors: Forbidden request: sql2.ourcompany.com(xx.xxx.xxx.xx) access to /certificate_status/no_key [search] authenticated at :119 As far as I can see I should only be getting this response if I am not providing the required SSL certs. However as this is not the case I am at a loss. Any ideas what is causing the issue? If this information can be pruned from PuppetDB instead I'd be happy to use that instead as we already have a PuppetDB instance running (I had a look through the PuppetDB API and could not see anything that did this). -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2253d597-7be6-42c3-bed3-bfd1b3851b36%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.