Mikhail T.

Asked: 2014-11-25 16:02:47 +0800 CST2014-11-25 16:02:47 +0800 CST 2014-11-25 16:02:47 +0800 CST

Why would Puppet revoke a client's certificate?

We started getting an error from one of the Puppet-agents:

Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked

Indeed, according to puppet cert list $h on the server, the certificate was revoked. I cleaned it on the master, deleted the /var/lib/puppet/ssl on the client and all was fine.

I then ran puppet cert list --all | grep revoked -- and found over 20 other clients listed as "revoked" too. Spot checking the list I found, that puppet-agent did not have a problem on any of these others.

My questions:

What would cause Puppet to "revoke" a particular client's certificate? It certainly was not done by a human administrator...
Why would such revokations not break things for most clients -- but only for some?

Using puppet-2.7.25 on the clients (RHEL6) and 2.7.18 on the server (RHEL5). Thanks!

Why would Puppet revoke a client's certificate?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Why would Puppet revoke a client's certificate?

0 Answers