Bug #4406
puppet cert --revoke doesn't do its job correctly

| Status: | Closed | Start date: | 07/30/2010 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | SSL | | |
| Target version: | 2.6.1 | | |
| Affected Puppet version: | 2.6.0 | Branch: | |
| Keywords: | puppet cert revoke clean | | |
| Votes: | 0 | | |

Description
When I revoke a signed host certificate via ‘puppet cert --revoke hostname’ puppet reports “notice: Revoked certificate with serial xx”.
But the revoked host is still able to query and apply his catalogue from the server. Same happens with ‘puppet cert --clean hostname’. Certificates are revoked and files are removed successfully.
If I look into the ssl directory they are actually gone too. But still the affected client is still able to connect to the server.
History
Updated by James Turnbull almost 2 years ago
- Status changed from Unreviewed to Needs More Information
- Priority changed from Normal to High
- Target version set to 2.6.1
So no error messages or change at all after revoking or cleaning a client’s certificates? Does the ability to connect go away if you restart the Puppet master?
Updated by christian c almost 2 years ago
No, no error messages. Just puppet’s confirmation that the specific files were deleted and revoked.
I’ll test restarting puppetmaster first thing on Monday and report back.
Updated by christian c almost 2 years ago
Well, shame on me. Revocation works after the master is restarted… just as the documentation says.
Sorry for wasting your time.
Updated by James Turnbull almost 2 years ago
- Status changed from Needs More Information to Closed
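
The behaviour this ticket ends on, reproduced as an added example that is not from the ticket or from Puppet. It assumes the restart is needed because a running master keeps checking clients against the CRL it read at startup, and it uses a constructed throwaway OpenSSL CA with hypothetical file names.

```shell
#!/bin/sh
# Constructed throwaway CA; all names and paths below are made up for the demo.
build_demo_pki() {   # usage: build_demo_pki EMPTY_DIR
  ( cd "$1" && mkdir newcerts && : > index.txt && echo 01 > serial &&
    echo 01 > crlnumber || exit 1
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 1
default_crl_days = 1
policy = pol
[pol]
commonName = supplied
EOF
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -days 1 &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout agent.key -out agent.csr -subj "/CN=agent.example.test" &&
    openssl ca -batch -config ca.cnf -in agent.csr -out agent.pem &&
    openssl ca -config ca.cnf -gencrl -out crl_at_startup.pem &&  # CRL a running server already loaded
    openssl ca -config ca.cnf -revoke agent.pem &&
    openssl ca -config ca.cnf -gencrl -out crl_on_disk.pem        # CRL a restarted server would load
  ) >/dev/null 2>&1
}

# Verify CERT against CA with CRL checking on; prints "accepted" or "rejected".
crl_verdict() {      # usage: crl_verdict CA_PEM CRL_PEM CERT_PEM
  if openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

demo=$(mktemp -d) && build_demo_pki "$demo" || { echo "openssl setup failed" >&2; exit 1; }
echo "CRL from before the revoke: $(crl_verdict "$demo/ca.pem" "$demo/crl_at_startup.pem" "$demo/agent.pem")"
echo "CRL reread after the revoke: $(crl_verdict "$demo/ca.pem" "$demo/crl_on_disk.pem" "$demo/agent.pem")"
```

The same certificate passes against the older CRL and fails against the regenerated one, so a revoke only takes effect once the verifying process rereads the CRL.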