2

I would like to know if there is a way to revoke some cert requests that came to my puppet master

e.g

    $ sudo puppet cert --list
      "(none)" (SHA256) E6:91:40:DB:E6:C7:B7:56:7F:73:D3:3C:ED:FB:C7:DA:AC:A9:5B:CE:02:3A:38:19:AC:02:6D:A8:94
      "test2"  (SHA256) DB:0F:37:51:F1:12:86:9F:61:01:3E:B7:82:D5:57:5E:6E:83:BD:2F:23:93:F6:2B:34:85:D2:F0:27

I have these cert requests which I want to remove altogether, so that they do not show up the next time I run the command.

Any ideas would be helpful.

Kate
mandm

2 Answers

3

I suspect you may be looking at pending requests not certificates.

Unapproved requests are typically in the $ssldir/ssl/ca/requests (on my system /var/lib/puppet/ssl/ca/requests) directory. Just go into the directory and delete them using rm, or whatever.

Zoredache
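
The cleanup described in this answer, as an added shell example (not part of the original answer and not Puppet's own tooling). It assumes each pending request is stored as `<certname>.pem` in the requests directory; the function names are hypothetical. Names are quoted because a request such as "(none)" contains shell metacharacters.

```shell
#!/bin/sh
# Added example: list and remove pending Puppet CSRs by certname.
# Assumption: pending requests live as <certname>.pem in the CA requests
# directory (e.g. /var/lib/puppet/ssl/ca/requests, as in the answer above).

# list_pending_csrs REQ_DIR: print one pending certname per line.
list_pending_csrs() {
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue          # glob matched nothing, or not a file
        b=${f##*/}
        printf '%s\n' "${b%.pem}"
    done
}

# purge_pending_csrs REQ_DIR CERTNAME...
# Removes REQ_DIR/CERTNAME.pem for each name and echoes how many were removed.
purge_pending_csrs() {
    req_dir=$1
    shift
    removed=0
    [ -d "$req_dir" ] || { echo "no such directory: $req_dir" >&2; return 2; }
    for name in "$@"; do
        # Certnames in a CSR are client-supplied: refuse anything that
        # could point outside the requests directory.
        case $name in
            ''|*/*|.|..) echo "skipping unsafe name: $name" >&2; continue ;;
        esac
        csr=$req_dir/$name.pem
        # Only plain files; never act on a symlink planted in the directory.
        if [ -f "$csr" ] && [ ! -L "$csr" ]; then
            rm -f -- "$csr" && removed=$((removed + 1))
        else
            echo "no pending request for: $name" >&2
        fi
    done
    echo "$removed"
}

# Usage (run as a user allowed to write to the CA directory):
#   list_pending_csrs  /var/lib/puppet/ssl/ca/requests
#   purge_pending_csrs /var/lib/puppet/ssl/ca/requests '(none)' test2
```
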
1

You could use the clean action:

    puppet cert clean test2

It's in the documentation.

Philip Kirkbride
user9517
  • 2
    AFAIK clean doesn't remove **requests** that have not been issued certs. I suspect that is what the OP is really looking for. – Zoredache Feb 20 '15 at 22:48
  • 1
    From the link: Revoke a host's certificate (if applicable) and remove all files related to that host from puppet cert's storage. This is useful when rebuilding hosts, since new certificate signing requests will only be honored if puppet cert does not have a copy of a signed certificate for that host. **If '--all' is specified then all host certificates, both signed and unsigned, will be removed.** If it doesn't, then it's a bug. –  Feb 20 '15 at 23:30
  • Late to the party, but it is a bug and apparently it's still not fixed: https://tickets.puppetlabs.com/browse/PUP-1916 – faker Jul 08 '17 at 12:24