Re: [Puppet Users] PUPPET 6.0 : CSR from master does not match the agent public key

Thanks Maggie these instructions were perfect. The cert didn't have the extension you refer to so i recreated the ca setup on the master and then tried again with good results this time : AGENT: # puppet agent --test --noop Info: Creating a new SSL key for andy-puppet6-test.london.company.com I

Re: [Puppet Users] PUPPET 6.0 : CSR from master does not match the agent public key

Hi Maggie, > On 1. Oct 2018, at 19:24, Maggie Dreyer wrote: ack. we already saw this when using puppet 5.5 > > The new `puppetserver ca` tool makes requests to the CA API (specifically the > `certificate_status(es)` endpoints), using the master's host cert for > authorization. The master's ce

Re: [Puppet Users] PUPPET 6.0 : CSR from master does not match the agent public key

Again great response thankyou for this. It is actually an upgrade from 5.x but I will try out the proposed solutions and let you know how I get on. Andy. On Monday, 1 October 2018 18:24:50 UTC+1, Maggie Dreyer wrote: > > The new `puppetserver ca` tool makes requests to the CA API (specifically

Re: [Puppet Users] PUPPET 6.0 : CSR from master does not match the agent public key

The new `puppetserver ca` tool makes requests to the CA API (specifically the `certificate_status(es)` endpoints), using the master's host cert for authorization. The master's cert is created with a special extension authorizing it to talk to those endpoints, allowed via a rule in `auth.conf`. A pe

Re: [Puppet Users] PUPPET 6.0 : CSR from master does not match the agent public key

Hi Maggie - thanks for the reply. When I run the new command this is what we get : # puppetserver ca clean --certname andy-puppet6-test.london.company.com Error: When attempting to revoke certificate 'andy-puppet6-test.london.company.com', received: code: 403 body: Forbidden requ

Re: [Puppet Users] PUPPET 6.0 : CSR from master does not match the agent public key

Hello! For cleaning the cert on the master, are you trying to use `puppet cert clean`? This error message needs to be updated to instead say "On the master: use `puppetserver ca clean --certname `". The `puppet cert` command was removed in 6.0.0, see https://puppet.com/docs/puppet/6.0/release_note

[Puppet Users] PUPPET 6.0 : CSR from master does not match the agent public key

Just deployed a new puppet 6.0 client / server setup and getting the classic CSR signing issue (see details below). Please help clarify my understanding so I can troubleshoot this (I'm sure there's a quick fix for this) : N.B. The usual "remove the SSL dir on the client and clean the cert on th