How to download CRL?
I am trying to get a copy of the current CRL onto my PuppetMasters. The command I run on the PuppetMasters to accomplish this is:
puppet certificate_revocation_list find crl
I get a CRL but it is not the correct CRL. Note that the Puppet CA is on its own server, not on any PuppetMaster. What am I doing wrong?
UPDATE. Following cbarbour's suggestion, I tried this:
puppet certificate_revocation_list --debug --ca_server=puppet3ca.example.com --ca_port=8141 find crl --terminus rest
This does not give me an error, but nothing is output, either. Looking at the Apache log on the Puppet CA server, I see this entry:
GET /production/certificate_revocation_list/crl? HTTP/1.1" 404
which seems to imply that the Puppet CA service could not find what I am asking for.