Ask Your Question
0

revoke and delete cert via the REST API?

asked 2013-09-27 17:40:56 -0500

ramindk gravatar image

How can I use the REST API to revoke and delete certs?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
2

answered 2013-09-27 17:46:27 -0500

ramindk gravatar image

First you need to use a cert that has access or create a cert to authorize. In the situation where you need an app to or toolset to delete/revoke serts I prefer to create a cert for that purpose.

Assuming you've created a cert you'll need to give it access. Do this on in Puppet master auth.conf

# allow nodes to touch their own cert and myappcert to touch all certs
path ~ /certificate_status/([^/]+)$
auth yes
allow $1
allow myappcert

Once you've restarted you Puppet master, you'll be able to use you myappcert to make changes ... (more)

edit flag offensive delete link more

Comments

I have some question related to this solution. What might be the best practice to verify the cert got deleted? Shall run the command, "puppet cert list --all | grep oldserver01.example.com", from puppet master? Or shall I use an API call to confirm, if there is any? What would you suggest?

weekendbulls gravatar imageweekendbulls ( 2017-09-18 17:29:05 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2013-09-27 17:40:56 -0500

Seen: 1,519 times

Last updated: Sep 27 '13