Ask Your Question

decline a certificate request

asked 2016-02-29 09:11:04 -0600

erichymowitz gravatar image

Short question -- how do I respond "no" to a client certificate request?

Long question --

Our puppet setup has been working fine. Suddenly, a misconfigured host makes a certificate request under the wrong name. The host has since been fixed and everything is fine, except that the puppet cert list command continues to show the outstanding incorrect request.

puppet cert clean wronghostname did not work. I get this error:

err: Could not call revoke: Could not find a serial number for wronghostname
Could not find a serial number for wronghostname

How do I tell puppet that I will never approve this request and it should stop asking?

edit retag flag offensive close merge delete


Hi, I am not very sure because I didn't try this my own but I can give you few pointers: `puppet ca revoke wronghostname` `puppet ca destroy wronghostname` I hope, it will cover both answers.

Mr_Sharma gravatar imageMr_Sharma ( 2016-03-01 01:20:31 -0600 )edit

Neither of these worked. It looks like nothing would work until I signed the cert. Thanks anyway.

erichymowitz gravatar imageerichymowitz ( 2016-03-01 07:33:59 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2016-03-01 02:59:12 -0600

Clean won't work because you haven't signed it yet.

I think because you don't really want this 'wrong host' on a revocation list, just do this:

# puppet cert sign wronghostname
# puppet cert clean wronghostname
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-02-29 09:11:04 -0600

Seen: 143 times

Last updated: Mar 01 '16