puppet-ca - Man Page

Local Puppet Certificate Authority management.


puppet ca action


This provides local management of the Puppet Certificate Authority.

You can use this subcommand to sign outstanding certificate requests, list and manage local certificates, and inspect the state of the CA.


Note that any setting that´s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action. For example, server and run_mode are valid settings, so you can specify --server <servername>, or --run_mode <runmode> as an argument.

See the configuration file documentation at https://puppet.com/docs/puppet/latest/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet with --genconfig.

--render-as FORMAT

The format in which to render output. The most common formats are json, s (string), yaml, and console, but other options such as dot are sometimes available.


Whether to log verbosely.


Whether to log debug information.


To see all the alternate names your servers are using, log into your CA server and run puppet cert list -a, then check the output for (alt names: ...). Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust.


April 2020 Puppet, Inc. Puppet manual