Completely replace CA infrastructure?
I'm playing with a Puppet Enterprise installation for a project at work. Without going into detail, I have renamed the server from its original hostname to one that better reflects its nature. Unfortunately, I did this after installing PE. This has led to an issue with SSL certificates and the CA.
I have a Windows 2008 R2 agent. I am able to run Puppet for an initial check in to generate the certificate request. The problem is that the certificate is signed as the old hostname. This causes problems because when I check in after the certificate has been signed, I get a slew of errors in the general language of:
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for \CN=<OLD_HOSTNAME>]
Basically, all of the errors indicate
[unable to get local issuer certificate for /CN=<OLDHOSTNAME>].
I've followed the instructions for regenerating the SSL certs and security credentials in a monolithic deployment. I would have thought that this would strip out the CA information for the old hostname, but that doesn't seem to be the case, since the certs are being signed as such rather than with the new hostname.
I can no doubt start from scratch since this is far from Production, but I feel it is in my best interest to figure out how to fix these types of problems without resorting to a nuclear option.
Is it possible to completely regenerate the CA infrastructure on the Puppet Master without a re-installation in order to have certs signed as the new hostname, or do I have to start from scratch?