search for: allow_duplicate_certs

I saw this feature became available in 2.7.0rc1 and wanted to try it out. I entered ''allow_duplicate_certs = true'' on both my master and agent systems in the puppet.conf (not sure if its need in both, saw it in genconf for puppetd and puppetmasterd though ...). I also have autosign.conf configured to allow autosigning for our domain (*.domain.com). I had my agent register with the master for...

Is there a way to force the puppetmaster to resign certificates for existing certificates when a new CSR for the same hostname arrives? When we reinstall freshly formatted clients with puppet (with the same hostname) the puppet client complains: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it

...: file_metadata supports formats: b64_zlib_yaml pson raw yaml; using pson debug: Using cached certificate for ca debug: Using cached certificate for vusion-production debug: Using cached ce ..............* it works* ## User mode config root@vusion-production:~# puppet config print all --mode user allow_duplicate_certs = false archive_file_server = puppet archive_files = false async_storeconfigs = false authconfig = /etc/puppet/namespaceauth.conf autoflush = false autosign = /etc/puppet/autosign.conf bindaddress = "" bucketdir = /var/lib/puppet/bucket ca = true ca_days = "" ca_md = md5 ca_name...

...# ldapport = 389 # Where the CA stores the password for the private key # The default value is ''$caprivatedir/ca.pass''. capass = /etc/puppet/ssl/ca/private/ca.pass # Whether to allow a new certificate # request to overwrite an existing certificate. # allow_duplicate_certs = false # The type of hash used in certificates. # The default value is ''md5''. # ca_md = md5 # A Complete listing of all certificates # The default value is ''$cadir/inventory.txt''. cert_inventory = /etc/puppet/ssl/ca/inventory.txt #...