Puppetserver certificate expiring - using external CA

asked 2018-12-05 22:15:51 -0600

Hoping for some help/clarification around this. We're using a separated CA with puppetserver 1.2.0 (old, I know, we're working on it). Our clients are returning this warning during their runs

Warning: Certificate 'Puppet CA: puppetserver.company.com' will expire on 2019-01-13T09:50:05GMT
Warning: Certificate 'puppetserver.company.com' will expire on 2019-01-13T09:50:05GMT

The confusing part is that puppetserver isn't the CA, and it's the puppetserver cert that's expiring

[root@puppetserver~]$ openssl x509 -noout -text -in /var/lib/puppet/ssl/certs/puppetserver.company.com.pem
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Puppet CA: puppetserver.company.com
            Not Before: Jan 13 09:50:05 2014 GMT
            Not After : Jan 13 09:50:05 2019 GMT

Whereas the certificate for the CA is fine until september.

So what steps do I need to take to fix this? Can I just remove the puppetserver cert on the puppetserver and the CA, and that will give me a new one and won't break the agents? Or do I need to treat this like an expiring CA and go through that whole process?


edit retag flag offensive close merge delete