Puppet Agent still able to connect to Master after certificate revocation

Posted by chris on Server Fault See other posts from Server Fault or by chris
Published on 2012-06-21T06:21:56Z Indexed on 2012/06/26 3:18 UTC
Read the original article Hit count: 418

Filed under:

In summary:

  • Client connects for the first time and requests cert;
  • on the Master, puppetca -s client is executed;
  • Client gets the cert and completes the run successfully.

Fine. But now:

  • on the Master, puppetca -c client is executed and client's cert is not in the cert list anymore;
  • Client connects again and can perform the run as usual;

Restarting puppetmasterd doesn't solve the issue. How can I prevent client to connect once its cert has been revoked?

Thanks in advance

© Server Fault or respective owner

Related posts about puppet