Puppet Certificate Management
… done on the puppetmaster:
# list certificate requestes: puppet cert --list # list all certificates (including signed certs) puppet cert --list --all # sign a request puppet cert --sign host.example.com # revoke a certificate: puppet cert --revoke host.example.com # clean a certificate: puppet cert --clean host.example.com # Print the full-text version of a host's certificate. puppet cert print host.example.com # low level alternative: openssl x509 -text -in /var/lib/puppet/ssl/ca/signed/host.example.com
Important: if a certificate has been revoked, it might be necessary to restart apache/puppetmaster to remove certificates from caches.