puppet-ca man page

puppet-ca — Local Puppet Certificate Authority management.

Synopsis

puppet ca action

Description

This provides local management of the Puppet Certificate Authority.

You can use this subcommand to sign outstanding certificate requests, list and manage local certificates, and inspect the state of the CA.

Options

Note that any setting that´s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action. For example, server and run_mode are valid settings, so you can specify --server <servername>, or --run_mode <runmode> as an argument.

See the configuration file documentation at https://docs.puppetlabs.com/puppet/latest/reference/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet with --genconfig.

--render-as FORMAT

The format in which to render output. The most common formats are json, s (string), yaml, and console, but other options such as dot are sometimes available.

--verbose

Whether to log verbosely.

--debug

Whether to log debug information.

Actions

To see all the alternate names your servers are using, log into your CA server and run puppet cert list -a, then check the output for (alt names: ...). Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust.

Info

January 2018 Puppet Labs, LLC Puppet manual